Functionbeat Cannot index event - security_exception

After upgrading to 7.17 none of my logs are being processed, lots of 403 errors:

{
    "type": "security_exception",
    "reason": "action [indices:data/write/bulk[s]] is unauthorized for API key id [<removed>] of user [<removed>] on indices [functionbeat], this action is granted by the index privileges [create_doc,create,delete,index,write,all]"
}

The API key docs here Grant access using API keys | Functionbeat Reference [7.17] | Elastic don't seem to be any different to when I originally set up my api key. I did try create a new api key and added create, index and write to the index privileges but that didn't help.

Anyone seeing something similar or have any idea what I need to do to fix it? I'm hesitant to upgrade to 8 without fixing this first, but that would be a last resort.

Cheers

Carl

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.