Logstash 8.11 reports error 403

I am trying to connect Logstash to Elasticsearch. Both are on my local machine. I am using HTTPS.

Logstash reports error 403. Viz:

```
{:code=>403, :url=>"https://localhost:9200/_bulk?filter_path=errors,items.*.error,items.*.status", :content_length=>2080, :body=>"{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/write/bulk] is unauthorized for user [logstash_system] with effective roles [logstash_system], this action is granted by the index privileges [create_doc,create,delete,index,write,all]"}]
```

Any help appreciated! Thanks.

The user logstash_system doesn't have rights on your index, or you haven't set the password in the elasticsearch output.

Hi,

The logstash_system user is a built-in user in Elasticsearch and it has a limited set of permissions, mainly for system operations like monitoring. It does not have permissions to write data to indices.

You can create a new user with the necessary permissions or use an existing user that has these permissions.

In the "Roles" section, assign the logstash_writer role to the user. This role has the necessary permissions to write data to indices.

Regards


Yes, this is a much better approach; please use logstash_writer or a dedicated user for your index.

logstash_system - The user Logstash uses when storing monitoring information in Elasticsearch.
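Added example, not part of the thread or of Elastic's code: a Python triage helper that parses the `security_exception` reason quoted in the question, flags a write attempt made with the monitoring-only `logstash_system` account, and builds request bodies for a dedicated writer role and user. The index pattern `logstash-*`, the user name `logstash_internal`, the privilege list and the helper names are assumptions to adapt to your own indices.

```python
import json
import re

# Reason text copied from the 403 body quoted in the question.
SAMPLE_REASON = (
    "action [indices:data/write/bulk] is unauthorized for user [logstash_system] "
    "with effective roles [logstash_system], this action is granted by the index "
    "privileges [create_doc,create,delete,index,write,all]"
)
DENIED = re.compile(
    r"action \[(?P<action>[^\]]+)\] is unauthorized for user \[(?P<user>[^\]]+)\] "
    r"with effective roles \[(?P<roles>[^\]]*)\]"
    r"(?:, this action is granted by the index privileges \[(?P<privs>[^\]]+)\])?"
)
# Built-in account named in the thread; it is meant for monitoring data only.
MONITORING_ONLY_USERS = {"logstash_system"}

def _csv(value):
    """Split a comma-separated bracket list, tolerating an absent group."""
    return [p.strip() for p in (value or "").split(",") if p.strip()]

def parse_denial(text):
    """Return who was denied which action, or None if the text does not match."""
    m = DENIED.search(text)
    if m is None:
        return None
    return {
        "action": m["action"],
        "user": m["user"],
        "roles": _csv(m["roles"]),
        "granted_by": _csv(m["privs"]),
        "monitoring_account_misused": m["user"] in MONITORING_ONLY_USERS,
    }

def writer_role_and_user(index_pattern="logstash-*", username="logstash_internal"):
    """Bodies for POST _security/role/logstash_writer and _security/user/<username>."""
    role = {
        "cluster": ["manage_index_templates", "monitor", "manage_ilm"],
        "indices": [{
            "names": [index_pattern],  # assumed pattern: scope it to your indices
            "privileges": ["write", "create", "create_index", "manage", "manage_ilm"],
        }],
    }
    user = {"password": "<CHANGE-ME>", "roles": ["logstash_writer"]}  # placeholder secret
    return role, {"username": username, "body": user}

if __name__ == "__main__":
    print(json.dumps(parse_denial(SAMPLE_REASON), indent=2))
    print(json.dumps(writer_role_and_user(), indent=2))
```

After creating the role and user, set the `user` and `password` options of the elasticsearch output to the new account instead of `logstash_system`.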
