I am running v7.7 of the stack from a ZIP install on Windows.
But I have the same issue with v7.12 running as docker container on a Mac.
I've searched and searched and either I don't know what to search for, or I don't recognize the answer when I see it.
I have a pair of ES nodes, one for ingest, hot, data the other for warm when using ILM. I am sending data from a filebeat and a metricbeat instance. I can create user, use it in the filebeat.yml and give is some pretty open privileges (like superuser) and it writes the data just fine. But there must be a better defined role for doing this without such open access. So, the question is, what are the best role privileges to assign a user for filebeat and for metricbeat?
I did. I followed the part for "Grant privileges and roles needed for publishing" (I assumed Filebeat was 'publishing' log data to ES) and I do not ingest any data. This is what prompted my question here.
2021-05-09T12:20:45.661-0500 ERROR [publisher_pipeline_output] pipeline/output.go:106 Failed to connect to backoff(elasticsearch(http://localhost:9200)): Connection marked as failed because the onConnect callback failed: failed to create alias: {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [fb_service]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [fb_service]"},"status":403}: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [fb_service]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [fb_service]"},"status":403}
Well if that works good, I guess I would have expected manage_ilm as defined by the docs I referenced above for setup, but if read_ilm works then good.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.