I haven't managed to solve the permissions yet no, that just down to me never having used curl before and trying to work out the command for it - I've also only just got back into work after last night.
The value for "action.auto_create_index:" was set to true (I was playing around with settings as suggested by another user who wasn't very familiar", i've just changed that back to * like I had it set before, and now get this when trying to launch elasticsearch;
https://pastebin.com/f9dT9cyk
Edit: i've changed that to .* which gives me the error below;
2018-04-12T09:48:18,385][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>404, :action=>["index", {:_id=>nil, :_index=>"filebeat-6.2.3-2018.04.12", :_type=>"doc", :_routing=>nil}, #<LogStash::Event:0x27ba0465>], :response=>{"index"=>{"_index"=>"filebeat-6.2.3-2018.04.12", "_type"=>"doc", "_id"=>nil, "status"=>404, "error"=>{"type"=>"index_not_found_exception", "reason"=>"no such index and [action.auto_create_index] ([.*]) doesn't match", "index_uuid"=>"_na_", "index"=>"filebeat-6.2.3-2018.04.12"}}}}
Stopping the elastic search service & starting it up again, regardless of changing settings causes kibana to output the following error;
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}
This appears to be resolved by setting the auto_create_index setting to .* instead of -*
Checking the elasticsearch status after stopping the service gives the message
elasticsearch dead but subsys locked
I'm going to have another go assigning those permissions and see where we get to. I'm not sure why elasticsearch is now getting unhappy with being stopped/started - I'm having to delete the elasticsearch file in /var/lock/subsys every time I stop the service or it gets unhappy.