Hi everyone,
After enabling SSL communication on my Elasticsearch server (v7.14.0), i noticed an error in my logstash logs:
[ERROR][logstash.outputs.elasticsearch][main] Failed to install template {:message=>"Got response code '403' contacting Elasticsearch.........block in after_successful_connection"]
here is my Elasticsearch.yml ssl conf :
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.supported_protocols: TLSv1.3,TLSv1.2
xpack.security.http.ssl.key: /path/to/file/file.key
xpack.security.http.ssl.certificate: /path/to/file/file.crt
xpack.security.http.ssl.certificate_authorities: /path/to/file/file.crt
xpack.security.transport.ssl.key: /path/to/file/file.key
xpack.security.transport.ssl.certificate: /path/to/file/file.crt
xpack.security.transport.ssl.certificate_authorities: /path/to/file/file.crt
logger.org.elasticsearch.discovery: info
And in my logstash output plugin :
output {
elasticsearch {
hosts => "https://elastic_server_url:9200"
cacert => "/path/to/file/file.crt"
index => "my_index"
user => "elastic-user"
password => "XXXXX"
codec => "json"
}
}
The user connected has the role :
logstash_writer_role:
cluster: ['monitor']
run_as: ['{{ elasticsearch_logstash_login }}']
indices:
- names: ['{{ elasticsearch_index_name }}']
privileges: ['write']
It works fine with the superuser role. And i don't know what clusters and indexes privileges i need to add to my custom role to make it works.
Any help would be appreciate !
Thx a lot