Filebeat unable to send info to Elastic Cloud with non-elastic user


I'm setting up Elastic Cloud with GKE, sending the events using Filebeat. I've configured it with the initial elastic user and now I want to demote the privileges of the Filebeat user. Now the events are not sent and I always get the same error when sending the logs:

Connection marked as failed because the onConnect callback failed: failed to check for alias  [...] reason: "action [indices:admin/aliases/get] is unauthorized for user [***********]"},"status":403}

I've tried every single combination of permissions, even with all for cluster and all for the index, with no results.

Any ideas? :pray:

