{"type":"security_exception","reason":"action [indices:admin/auto_create] is unauthorized for API key id [y_XFOHwBVDdS0yUQQK5L] of user [elastic/fleet-server] on indices [logs-network_traffic.flow-default-2021.09.30], this action is granted by the index privileges [auto_configure,create_index,manage,all]"}, dropping event
Curious...Where did you pull that error log line from was?
Can you provide your elastic stack version / agent version method of install OS for elastic and where you deployed the agent to?
7.15
Network Traffic from Elastic-Agent Integration
From Observability Logs affecting all host Debian (RPi4) and Darwin (Mac OSX 10.13) deployed by Debian Buster 10 node
{"type":"mapper_parsing_exception","reason":"failed to parse field [tls.detailed.server_certificate_chain] of type [keyword] ... "caused_by":{"type":"illegal_state_exception","reason":"Can't get text on a START_OBJECT at 1:3620"}}, dropping event!
Not sure how Fleet Managed integrations have mapping issues for default ingestion / pipeline setups.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.