Getting 403 error connecting Logstash to ElasticSearch

Hello. I'm attempting to connect Logstash to ElasticSearch in a secure manner for the first time. I'm following the instructions here:

I keep getting this error:

LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError: Got response code '403' contacting Elasticsearch at URL 'http://###.##.###.###:9243/logstash'

I believe I have my user created and setup correctly. Here are the permissions for the role:

If I use the "elastic" super user, it seems to work fine. So, I must be missing a permission. As far as I can tell, I set this up just like the documentation, so I'm not sure what I'm missing here. If anyone can see anything obvious, please let me know. I would prefer not using the super user for everything :slight_smile:

Sorry, never mind. I literally found the solution right after posting this. The solution is here:

Elastic might need to update their online documentation a bit to cover this.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.