I have setup els and it seems to work beside many errors:
"Got response code '403' contacting Elasticsearch at URL 'https://localhost:9200/logstash'", : exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError
logstash_writter role has cluster privileges:
on index logstash:
write, create, create_index, manage_ilm, delte.
beats output is setup as follow:
hosts => ["localhost:9200"]
ssl => true
user => "logstash_internal"
password => "*************"
cacert => '/etc/logstash/ca.pem'
Verified index setting:
so it should be writable
I'm running out of ideas what kind of permission could be missing.