After upgrading to 7.17, none of my logs are being processed, and I see lots of 403 errors:
{
"type": "security_exception",
"reason": "action [indices:data/write/bulk[s]] is unauthorized for API key id [<removed>] of user [<removed>] on indices [functionbeat], this action is granted by the index privileges [create_doc,create,delete,index,write,all]"
}
The API key docs here ("Grant access using API keys | Functionbeat Reference [7.17] | Elastic") don't seem to be any different to when I originally set up my API key. I did try creating a new API key and added create, index and write to the index privileges, but that didn't help.
Anyone seeing something similar or have any idea what I need to do to fix it? I'm hesitant to upgrade to 8 without fixing this first, but that would be a last resort.
Cheers
Carl