Logs UI along with spaces

I created a space called 'dev' and then created objects like index-pattern, visualization and dashboards etc .. And then a role with read permission to that space and read access to the related indexes. Created a user 'dev-user' under that role.

But now when I login as admin [navigate to the dev space], I am able to view the the logs in Logs UI.

But when login as dev-user [navigate to the dev space], I am only seeing message " Looks like you don't have any metrics indices.". Even though I am able to view the dashboards without problem with all visualizations.

How can I provide dev-user access to view the logs in Logs-UI ?.

@sl1729 For the Infrastructure UI, the users will need read permission for the metricbeat-* indices (in Elasticsearch). The index patterns (not Kibana index pattern but the pattern used to match the data in Elasticsearch) are described here: https://www.elastic.co/guide/en/kibana/current/infrastructure-ui-settings-kb.html

Users will need to read access to the indices listed in xpack.infra.sources.default.metricAlias and xpack.infra.sources.default.logAlias. If you need to use different index patterns per space, you can set these values using the settings UI for both the Infrastructure UI and Logs UI. Whatever these values are set to, the user will need read access to the matching indices.

Apology to not mention it in previous post. I am using 6.6.2 version of the stack.

"xpack.infra.sources.default.logAlias" setting is set to logs-* (this is the index under which filebeat logs are redirected).

metric beat index is the default one.

After I give access to index logs-* and metricbeat-*, I get the below error, when navigating to either Logs UI or Infrastructure UI.

"Error: GraphQL error: [security_exception] action [indices:admin/aliases/get] is unauthorized for user [appl-user]"

In order to support the use of aliases, the infra ui currently requires the manage permission on the alias name and the target indices.

Thanks for the reply, I tested and it is working.

But with the manage access and having the dev tools option available, the developer is also able to drop or modify the index. Hope we should be able to achieve it with only read permission in future.

Hm, that is true. You could check whether the view_index_metadata permission is sufficient, because the Logs UI doesn't really need write access to the aliases.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.