Hello
I have setup els and it seems to work beside many errors:
"Got response code '403' contacting Elasticsearch at URL 'https://localhost:9200/logstash'", : exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError
logstash_writter role has cluster privileges:
monitor
manage_index_template
manage_ilm
on index logstash:
write, create, create_index, manage_ilm, delte.
beats output is setup as follow:
output {
elasticsearch {
hosts => ["localhost:9200"]
ssl => true
user => "logstash_internal"
password => "*************"
cacert => '/etc/logstash/ca.pem'
}
}
Verified index setting:
"index.blocks.read_only_allow_delete": "false"
so it should be writable
I'm running out of ideas what kind of permission could be missing.