Hello,
Just finished configuring elasticsearch, filebeat and kibana with SSL, xpack security and ILM.
Issue is that after following https://www.elastic.co/guide/en/beats/filebeat/current/feature-roles.html and creating filebeat_admin user:
I have errors when rollover happens:
Index lifecycle error
security_exception: action [indices:admin/settings/update] is unauthorized for user [filebeat_admin]
Which role should give this permission to assign to the user?
anyone?
This is the full error:
[2020-01-13T09:20:06,143][INFO ][o.e.x.i.IndexLifecycleRunner] [elasticsearchp004.[REDACTED]] moving index [filebeat-7.5.1-2020.01.02-000004] from [{"phase":"warm","action":"set_priority","name":"ERROR"}] to [{"phase":"warm","action":"set_priority","name":"set_priority"}] in policy [filebeat-7.5.1]
[2020-01-13T09:20:06,215][ERROR][o.e.x.i.IndexLifecycleRunner] [elasticsearchp004.[REDACTED]] policy [filebeat-7.5.1] for index [filebeat-7.5.1-2020.01.02-000004] failed on step [{"phase":"warm","action":"set_priority","name":"set_priority"}]. Moving to ERROR step
roles.yml:
filebeat_setup:
cluster:
- monitor
- manage_ilm
- manage_ml
indices:
- names: filbeat-*
privileges:
- indices:admin/settings/update
- manage
- read
- names: shrink-filbeat-*
privileges:
- indices:admin/settings/update
- manage
- read
filebeat_writer:
cluster:
- monitor
- read_ilm
- cluster:admin/ingest/pipeline/get
indices:
- names: filebeat-*
privileges:
- create_doc
- view_index_metadata
- create_index
- names: shrink-filebeat-*
privileges:
- create_doc
- view_index_metadata
- create_index
filebeat_admin user have the following roles:
filebeat_setup
filebeat_writer
kibana_user
ingest_admin
beats_adminWell, there was a typo... I had filbeat-* instead of filebeat-*.
I also had to add the shrink-filebeat-* index privilege as my ILM policy also shrinks.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.