Hello!
I am pretty green when it comes to Elastic, but I recently set up a brand new stack to test ingesting a log file. I installed the Elastic Agent on a Windows machine that outputs logs to a file. I have the integration for Custom Logs set up in the policy for the agent. I created an Ingest Pipeline for these logs, and when I go into Discover to see if the logs are being ingested, I get the error:
Action [indices:admin/auto_create] is unauthorized for API key id [######] of user [elastic/fleet-server] on indices [logs-log-1-default], this action is granted by the index privileges [auto_configure,create_index,manage,all]"}, dropping event!
for all the lines in the log. Not sure where to go from here.
Thanks!