Error 403 when log camin on logstah

HI
I install and configure ELK and all work I install the x-pack needed to get authentication to see log and got same problem on logstash when log start caming from nxlog I got this error

[2017-07-08T13:09:13,837][ERROR][logstash.outputs.elasticsearch] Got a bad response code from server, but this code is not considered retryable. Request will be dropped {:code=>403, :response_body=>"{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/write/bulk] is unauthorized for user [logstash_system]"}],"type":"security_exception","reason":"action [indices:data/write/bulk] is unauthorized for user [logstash_system]"},"status":403}"}

think same problem of authentication

in logstash i add

xpack.monitoring.elasticsearch.url: http://ip:9200
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: pass....

and config

output {
elasticsearch {

hosts => ["ip"]

    user => logstash_system
    password => pass...

}
stdout { codec => rubydebug }
}

without x-pack all work fine when I install x-pack and configure all like manual ony logstahs dnt work .... kibana is ok

Have you followed the instructions in the docs?

if use elastic user on config of logstash all work fine thinnk same problem on role of logstash_system default user

If you look in the docs the logstash_system is for writing monitoring data. Have you tried creating a logstash_internal user with a logstash_writer role as outlined in the docs I linked to previously?

Now @ home if I can I try make a fast wirtual machina here and try I tell you if I solve
tks

tks mate follow guide and work
tks so much

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.