Logstash works but put a lot of 403 errors in log

SzymonZy · July 16, 2021, 12:05pm

Hello

I have setup els and it seems to work beside many errors:
"Got response code '403' contacting Elasticsearch at URL 'https://localhost:9200/logstash'", : exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError

logstash_writter role has cluster privileges:
monitor
manage_index_template
manage_ilm

on index logstash:
write, create, create_index, manage_ilm, delte.

beats output is setup as follow:
output {
elasticsearch {
hosts => ["localhost:9200"]
ssl => true
user => "logstash_internal"
password => "*************"
cacert => '/etc/logstash/ca.pem'
}
}

Verified index setting:
"index.blocks.read_only_allow_delete": "false"
so it should be writable

I'm running out of ideas what kind of permission could be missing.

AquaX · July 16, 2021, 1:16pm

You should define the name of the index in your output, I suspect that it is trying to create a new index (not named logstash) that the user logstash_internal does not have the rights to do.

system · August 13, 2021, 1:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash new install: response code '403' contacting Elasticsearch Logstash	1	2064	April 16, 2021
Logstash -> Elastic 403 permission issue Logstash elastic-stack-security	1	1621	May 13, 2020
Logstash 8.11 reports error 403 Logstash	4	385	February 28, 2024
Got response code '403' contacting Elasticsearch at URL Logstash elastic-stack-security	5	1447	February 15, 2023
Got response code '403' contacting Elasticsearch at URL 'http://localhost:9200/ Logstash elastic-stack-security	3	3698	July 25, 2022

Logstash works but put a lot of 403 errors in log

Related topics