@David_Fuge
If you prefer JSON over the UI this should do it for Metricbeat:
PUT /_security/role/beats_writer
{
"cluster": [
"monitor",
"cluster:admin/ingest/pipeline/get"
],
"indices": [
{
"names": [
"filebeat-*"
],
"privileges": [
"create_doc"
],
"field_security": {
"grant": [
"*"
],
"except": []
},
"allow_restricted_indices": false
},
{
"names": [
"metricbeat-*"
],
"privileges": [
"create_doc"
],
"field_security": {
"grant": [
"*"
]
},
"allow_restricted_indices": false
},
{
"names": [
"heartbeat-*"
],
"privileges": [
"create_doc"
],
"field_security": {
"grant": [
"*"
]
},
"allow_restricted_indices": false
}
],
"applications": [],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true
}
}
PUT /_security/role/beats_setup
{
"cluster": [
"monitor",
"manage_ilm",
"manage_ml"
],
"indices": [
{
"names": [
"filebeat-*"
],
"privileges": [
"manage",
"read"
],
"field_security": {
"grant": [
"*"
],
"except": []
},
"allow_restricted_indices": false
},
{
"names": [
"metricbeat-*"
],
"privileges": [
"manage"
],
"field_security": {
"grant": [
"*"
]
},
"allow_restricted_indices": false
},
{
"names": [
"heartbeat-*"
],
"privileges": [
"manage"
],
"field_security": {
"grant": [
"*"
]
},
"allow_restricted_indices": false
}
],
"applications": [],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true
}
}
PUT /_security/user/beat-setup
{
"username": "beat-setup",
"roles": [
"beats_setup",
"kibana_user",
"ingest_admin",
"beats_admin"
],
"full_name": "Beat setup user",
"email": "",
"metadata": {},
"enabled": true,
"password": "a-really-good-password-for-setup"
}
PUT /_security/user/beat-writer
{
"username": "beat-writer",
"roles": [
"beats_writer"
],
"full_name": "Beat writer",
"email": "",
"metadata": {},
"enabled": true,
"password": "a-really-good-password-for-writer"
}