Error 403 when log camin on logstah

Elastic Stack Logstash
1

HI
I install and configure ELK and all work I install the x-pack needed to get authentication to see log and got same problem on logstash when log start caming from nxlog I got this error

[2017-07-08T13:09:13,837][ERROR][logstash.outputs.elasticsearch] Got a bad response code from server, but this code is not considered retryable. Request will be dropped {:code=>403, :response_body=>"{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/write/bulk] is unauthorized for user [logstash_system]"}],"type":"security_exception","reason":"action [indices:data/write/bulk] is unauthorized for user [logstash_system]"},"status":403}"}

think same problem of authentication

in logstash i add

xpack.monitoring.elasticsearch.url: http://ip:9200
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: pass....

and config

output {
elasticsearch {

hosts => ["ip"]

    user => logstash_system
    password => pass...

}
stdout { codec => rubydebug }
}

2

without x-pack all work fine when I install x-pack and configure all like manual ony logstahs dnt work .... kibana is ok

3

Have you followed the instructions in the docs?

4

if use elastic user on config of logstash all work fine thinnk same problem on role of logstash_system default user

5

If you look in the docs the logstash_system is for writing monitoring data. Have you tried creating a logstash_internal user with a logstash_writer role as outlined in the docs I linked to previously?

6

Now @ home if I can I try make a fast wirtual machina here and try I tell you if I solve
tks

7

tks mate follow guide and work
tks so much

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.