Filebeat unable to send info to elastic cloud with non elastic user


I'm setting up elastic cloud with GKE, sending the event using filebeat. I've configured it with the initial elastic user and now I want to demote the privileges of the filebeat user. Now the events are not sent and I always get the same error sending the logs:

Connection marked as failed because the onConnect callback failed: failed to check for alias  [...] reason: "action [indices:admin/aliases/get] is unauthorized for user [***********]"},"status":403}

I've tried every single combination of permissions, even with all for cluster and all for the index with no results.

Any ideas? :pray:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.