Logstash user permissions

stephenb · May 5, 2022, 5:25pm

From the docs...

POST _security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor", "manage_ilm"], 
  "indices": [
    {
      "names": [ "logstash-*", "*beats*" ], 
      "privileges": ["write","create","create_index","manage","manage_ilm"]  
    }
  ]
}

POST _security/user/logstash_internal
{
  "password" : "x-pack-test-password",
  "roles" : [ "logstash_writer"],
  "full_name" : "Internal Logstash User"
}

This is our best practice... you can take the other roles out but if anyone sets manage_template or tries to monitor logstash (which is also a best practice) it will fail... It is up to you.

The assumption is that you are properly managing the user credential that are assigned to that user and thus access to that role through use of the encrypted keystore etc.

Topic		Replies	Views
Elasticsearch cluster security permission for logstash Logstash elastic-stack-security	1	797	August 19, 2022
Elasticsearch security permission for logstash Logstash elastic-stack-security	2	1487	August 18, 2022
Logstash writer permissions Logstash	1	657	February 24, 2021
Elasticsearch output manage_template permissions Logstash	1	623	February 14, 2017
Logstash - Startup - Template, Exception in start Logstash	4	1262	June 7, 2018

Logstash user permissions

Related topics