Logstash permission problem

I am running Logstash on a Windows 2016 VM. I use it from an administrator command line. I keep getting this message. It won't let me save my visualization in Kibana and keeps me from shutting it down (Ctrl+C).

This is the message:
logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"cluster_block_exception", "reason"=>"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)]

My Elasticsearch is operating using the default configuration.

It looks like the index is read-only.

Thanks for the reply. Why would it be? Is it the default behavior? I have no indices at all, judging by Kibana.

Perhaps the ES logs contain clues? I suggest you ask in the Elasticsearch group.

Do you have any idea how I could get Logstash to stop trying this batch operation? It is blocking creation of further indexes. I've tried restarting the machine but it does not help either.

Do you have security enabled? If so, have you given the Logstash user the required privileges on the index you want to write to?

Thank you for the reply. I haven't defined anything extra besides the cluster.name and node.name.

How much disk space do you have left on the node?

If you mean on the hard drive where Elasticsearch is installed, then I have some 4 GB.

That may very well be the problem, assuming that puts you over the watermark at 85-90% full...

It's closer to 80%. Could it still be the problem?

Is Elasticsearch able to write to the data directory?

How can I test that?

I haven't used Windows in a very long time, so am probably not the right person to answer that...

How would you have done that on something you do know?

On Linux I would look at the data directory privileges.

I have succeeded in creating a custom index. I really suspect this has something to do with Logstash.
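The two checks raised in the thread (is the disk over a watermark, and can the data directory be written to) can be scripted as below. This is an added example, not part of any reply and not Elasticsearch or Logstash code. It assumes Elasticsearch's default disk watermarks (85% low, 90% high, 95% flood stage) and a data directory path supplied by the caller; all function names are hypothetical.

```python
import re
import shutil
import tempfile

# Constructed sample: the Logstash message quoted in the thread.
SAMPLE = (r'logstash.outputs.elasticsearch] retrying failed action with response code: 403 '
          r'({"type"=>"cluster_block_exception", "reason"=>"blocked by: '
          r'[FORBIDDEN/12/index read-only / allow delete (api)]')

# Assumed: Elasticsearch default disk watermarks, in percent of disk used. Crossing
# flood_stage is what makes Elasticsearch apply the read-only / allow-delete block.
WATERMARKS = (("flood_stage", 95.0), ("high", 90.0), ("low", 85.0))
BLOCK_RE = re.compile(r'response code: (\d+) .*?"type"=>"(\w+)".*?blocked by: \[(\w+)/(\d+)/([^\]]+)\]')

def parse_block(line):
    """Pull the HTTP status, exception type and block id out of a retry message."""
    m = BLOCK_RE.search(line)
    if m is None:
        return None
    status, exc_type, level, block_id, description = m.groups()
    return {"status": int(status), "type": exc_type, "level": level,
            "block_id": int(block_id), "description": description.strip()}

def watermark_exceeded(total_bytes, free_bytes):
    """Return (highest watermark crossed or None, percent of disk used)."""
    used_pct = 100.0 * (total_bytes - free_bytes) / total_bytes
    for name, limit in WATERMARKS:
        if used_pct >= limit:
            return name, used_pct
    return None, used_pct

def can_write(directory):
    """Create and delete a probe file. Run as the account that runs Elasticsearch."""
    try:
        with tempfile.NamedTemporaryFile(dir=directory, prefix="es-write-probe-"):
            return True
    except OSError:
        return False

def diagnose(data_dir):
    """Check disk usage and writability for a data directory chosen by the caller."""
    usage = shutil.disk_usage(data_dir)
    level, used_pct = watermark_exceeded(usage.total, usage.free)
    return {"used_pct": round(used_pct, 1), "watermark": level, "writable": can_write(data_dir)}

if __name__ == "__main__":
    print(parse_block(SAMPLE))
    print(watermark_exceeded(20 * 2**30, 4 * 2**30))  # constructed from the thread: 4 GB free, ~80% used
    print(diagnose(tempfile.gettempdir()))  # stand-in path; pass the real data directory
```

The write probe only reflects the permissions of the account that runs the script, so it needs to be run as the account Elasticsearch itself runs under.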
