Hi,
Not sure if this issue was already reported. Found an unusual behaviour with metricbeat.
Typically when Xpack is enabled, username and password are added in the metricbeat.yml. When the password contains the literals "$$" (consecutive $), elasticsearch fails to authorize the user.
To replicate, try having the password of a user with literals like "P@$$XXyy"
This is due to the template engine the metricbeat config. I would recommend using the Beat keystore, or just substituting $$ for $$$$ to escape the template engine.
Right now we are not documenting the behavior of $$. We should probably change that.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.