I am trying to connect logstash to elasticsearch. Both are on my local machine. I am using https.
Logstash reports error 403. Viz:
`
{:code=>403, :url=>"https://localhost:9200/_bulk?filter_path=errors,items.*.error,items.*.status", :content_length=>2080, :body=>"{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/write/bulk] is unauthorized for user [logstash_system] with effective roles [logstash_system], this action is granted by the index privileges [create_doc,create,delete,index,write,all]"}]
logstash_system user is a built-in user in Elasticsearch and it has a limited set of permissions, mainly for system operations like monitoring. It does not have permissions to write data to indices.
You can create a new user with the necessary permissions or use an existing user that has these permissions.
In the "Roles" section, assign the logstash_writer role to the user. This role has the necessary permissions to write data to indices.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.