Logstash 8.11 reports error 403

I am trying to connect logstash to elasticsearch. Both are on my local machine. I am using https.

Logstash reports error 403. Viz:


{:code=>403, :url=>"https://localhost:9200/_bulk?filter_path=errors,items.*.error,items.*.status", :content_length=>2080, :body=>"{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/write/bulk] is unauthorized for user [logstash_system] with effective roles [logstash_system], this action is granted by the index privileges [create_doc,create,delete,index,write,all]"}]


Any help appreciated! Thks. (edited)

The user logstash_system doesn't have rights on your index or you haven't set password in output elasticsearch.


logstash_system user is a built-in user in Elasticsearch and it has a limited set of permissions, mainly for system operations like monitoring. It does not have permissions to write data to indices.

You can create a new user with the necessary permissions or use an existing user that has these permissions.

In the "Roles" section, assign the logstash_writer role to the user. This role has the necessary permissions to write data to indices.


1 Like

Yes, this is much better approach, please use logstash_writer or a dedicated user for your index.

logstash_system - The user Logstash uses when storing monitoring information in Elasticsearch.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.