Logstash Error after enabling xpack security

Hi,
I enabled xpack security on Elastic, then set the logstash account as per the below link:
Add user information in Logstash | Elasticsearch Reference [6.8] | Elastic

I used the keystore option. However I am getting an error still in the logstash logs:

[2020-10-23T12:30:12,313][ERROR][logstash.outputs.elasticsearch][main][cfb043992e163d077a8484921e265afe9c1f8a91be63f606c6d901995bfb6a33] Encountered a retryable error. Will Retry with exponential backoff  {:code=>403, :url=>"http://10.103.186.210:9200/_bulk"}

I did use the default logstash_system account that is pre-built into Kibana

Hello Craig,

I do not have a 6.8 version available but I checked the privileges of the logstash_admin user on my 7.9 stack and it has no write access to any index.
Have you already checked the user documentation about creating a Logstash writer?

Best regards
Wolfram

Just done that now, created new user with those permissions and added that user into the keystore. Restarted the service and get the same error.
I have a post for this open also on Reddit, someone just mentioned that it may be because the URL is pointing to HTTP and not HTTPS, would that be why it is failing to connect?

Interesting, I just added supersuer to that user account and now the error is not coming up anymore... something missing that is not on that link you sent through before

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.