x-pack is installed for elasticsearch and kibana. Both elasticsearch and kibana are running.
bin/elasticsearch
bin/kibana
I login to kibana at http://localhost:5601/
From a terminal I use the following commands for testing:
curl -XPUT 'localhost:9200/idx'
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/idx]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/idx]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
From here I created a logstash writer role
POST _xpack/security/role/logstash_writer
{
"cluster": ["manage_index_templates", "monitor"],
"indices": [
{
"names": [ "logstash-*" ],
"privileges": ["write","delete","create_index"]
}
]
}
Then a logstash internal user:
POST _xpack/security/user/logstash_internal
{
"password" : "changeme",
"roles" : [ "logstash_writer"],
"full_name" : "Internal Logstash User"
}
I then ran the following command from the terminal to test the setup:
curl --user logstash_internal:changeme -XPUT 'localhost:9200/idx'
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [logstash_internal]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [logstash_internal]"},"status":403}
If I add the superuser role to logstash_internal and run:
curl --user logstash_internal:changeme -XPUT 'localhost:9200/idx'
{"acknowledged":true,"shards_acknowledged":true}
How can I get this to work without the superuser role?