I have installed and configured ELK (Elasticsearch2.2.0, Logstash2.2.2, and kibana-4.4.1-windows) and updated Elasticsearch with shield plugin to enable authentication. I have craeted new role and user in order to restrict access to specific user to access specific indices. But I got an error that says:
Error: [index_not_found_exception] no such index, with: {"index":"[logstash-*]"}
ErrorAbstract@http://localhost:5601/bundles/kibana.bundle.js?v=9693:74977:20
StatusCodeError@http://localhost:5601/bundles/kibana.bundle.js?v=9693:75139:6
respond@http://localhost:5601/bundles/kibana.bundle.js?v=9693:76344:16
checkRespForFailure@http://localhost:5601/bundles/kibana.bundle.js?v=9693:76307:8
[24]</AngularConnector.prototype.request/<@http://localhost:5601/bundles/kibana.bundle.js?v=9693:74925:8
processQueue@http://localhost:5601/bundles/commons.bundle.js?v=9693:42357:29
scheduleProcessQueue/<@http://localhost:5601/bundles/commons.bundle.js?v=9693:42373:28
$RootScopeProvider/this.$get</Scope.prototype.$eval@http://localhost:5601/bundles/commons.bundle.js?v=9693:43601:17
$RootScopeProvider/this.$get</Scope.prototype.$digest@http://localhost:5601/bundles/commons.bundle.js?v=9693:43412:16
$RootScopeProvider/this.$get</Scope.prototype.$apply@http://localhost:5601/bundles/commons.bundle.js?v=9693:43709:14
done@http://localhost:5601/bundles/commons.bundle.js?v=9693:38158:37
completeRequest@http://localhost:5601/bundles/commons.bundle.js?v=9693:38356:8
requestLoaded@http://localhost:5601/bundles/commons.bundle.js?v=9693:38297:1
There is no problem when accessing with admin account. This is the roles.yml file
Actually i have index with index names using * as a wildcard (e.g. logstash-2015.12.21) and also a index with name 'logstashstature' . I created role for accessing that index only (roles.yml).
There is no problem when logging kibana with a user has admin role.
The error you are having is because your configured role is not having access to the default index which is logstash-. I have been playing around with kibana and I noticed that in addition to the .kibana index all users must have access to the index logstash-.
Try sometime like this:
logstashstature:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
'logstashstature':
privileges: all
'.kibana':
privileges: all
'logstash-*':
privileges: all
Then create a user on shield with the role logstashstature
That is esusers useradd munees -r logstashstature -p passwordofmunees
Sorry I have updated my answer. The roles has to be logstashstature in the roles.yml file of kibana.
Does the user munees has priviledges for data/read/msearch on all the indices which are in his roles.
that is for the index logstashstucture, .kibana and logstash-*?
Try changing the name of your index maybe the issue is because the name of the index is the same as that of the role. That is change logstashstature to logstashindex.
Then make sure the index logstashindex exist in elasticsearch.
Login and query that index.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.