[indices:data/write/bulk[s]] is unauthorized for user [loader-user]"})

I am starting a new pipeline on one of my logstash servers, but when I start the service I get this error.

Jun 29 10:50:00 mryt2ls02 logstash: [2020-06-29T10:50:00,449][INFO ][logstash.outputs.elasticsearch][TrendMicro] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"action [indices:data/write/bulk[s]] is unauthorized for user [loader-user]"})

To be honest I don't have a clue why I am getting this error if the loader-user is a user that is working in this server with other pipelines and it is working on other nodes on my cluster with some other logstash pipelines with no issues.

I already tried using a superuser and adding the superuser role to this user and it works for a few minutes, when I used a superuser user the new index from this pipeline was created but a few minutes later the logstash service stopped.

Then I added the superuser role to this user and restarted the logstash service but again, it load some documents, from 330 to 590 documents into the same index and then again the logstash service stopped after 2 minutes.

Any clue what am I missing?

Thank you in advance.

No body helping a friend??

There is not a lot to go on. Which version are you using? How is your cluster set up? What does your Logstash config look like? What does you user and role definitions look like? Is there anything in the Elasticsearch logs around this?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.