Filebeats ILM permission error

trunet · January 10, 2020, 3:11pm

Hello,

Just finished configuring elasticsearch, filebeat and kibana with SSL, xpack security and ILM.

Issue is that after following https://www.elastic.co/guide/en/beats/filebeat/current/feature-roles.html and creating filebeat_admin user:

I have errors when rollover happens:
Index lifecycle error
security_exception: action [indices:admin/settings/update] is unauthorized for user [filebeat_admin]

Which role should give this permission to assign to the user?

trunet · January 13, 2020, 8:39am

anyone?

trunet · January 13, 2020, 9:22am

This is the full error:

[2020-01-13T09:20:06,143][INFO ][o.e.x.i.IndexLifecycleRunner] [elasticsearchp004.[REDACTED]] moving index [filebeat-7.5.1-2020.01.02-000004] from [{"phase":"warm","action":"set_priority","name":"ERROR"}] to [{"phase":"warm","action":"set_priority","name":"set_priority"}] in policy [filebeat-7.5.1]
[2020-01-13T09:20:06,215][ERROR][o.e.x.i.IndexLifecycleRunner] [elasticsearchp004.[REDACTED]] policy [filebeat-7.5.1] for index [filebeat-7.5.1-2020.01.02-000004] failed on step [{"phase":"warm","action":"set_priority","name":"set_priority"}]. Moving to ERROR step

roles.yml:

filebeat_setup:
  cluster:
  - monitor
  - manage_ilm
  - manage_ml
  indices:
  - names: filbeat-*
    privileges:
    - indices:admin/settings/update
    - manage
    - read
  - names: shrink-filbeat-*
    privileges:
    - indices:admin/settings/update
    - manage
    - read
filebeat_writer:
  cluster:
  - monitor
  - read_ilm
  - cluster:admin/ingest/pipeline/get
  indices:
  - names: filebeat-*
    privileges:
    - create_doc
    - view_index_metadata
    - create_index
  - names: shrink-filebeat-*
    privileges:
    - create_doc
    - view_index_metadata
    - create_index

filebeat_admin user have the following roles:

filebeat_setup
filebeat_writer
kibana_user
ingest_admin
beats_admin

trunet · January 13, 2020, 10:01am

Well, there was a typo... I had filbeat-* instead of filebeat-*.

I also had to add the shrink-filebeat-* index privilege as my ILM policy also shrinks.

system · February 10, 2020, 12:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Index lifecycle error, unauthorized for user Elasticsearch ilm-index-lifecycle-management	1	379	November 5, 2020
Index lifecycle error security_exception, permission issue Beats filebeat	1	466	November 4, 2019
Index.lifecycle.rollover_alias [filebeat-7.8.0] does not point to index Elasticsearch ilm-index-lifecycle-management	5	1237	October 29, 2020
ILM trying to rollover old index Beats ilm-index-lifecycle-management , filebeat	3	514	December 23, 2020
Filebeat Index Lifecycle Management Issue (No Data) Elasticsearch ilm-index-lifecycle-management	12	2723	June 6, 2019

Filebeats ILM permission error

Related topics