I'm on v8.6 of the ELK stack and working on some new custom log parsing. It looks like the configuration is reading our initial test data properly; however, it appears the built-in Fleet API account is missing some permissions and is unable to create the index:
{"type":"security_exception","reason":"action [indices:admin/auto_create] is unauthorized for API key id [KEYID] of user [elastic/fleet-server] on indices [logs-connectedclients-default], this action is granted by the index privileges [auto_configure,create_index,manage,all]"}, dropping event!
Since this was automatically set up when configuring Fleet, I don't have a way to adjust the permissions since the accounts / roles are all built-in.