Hello.
I have user called logstash and role called logstash_write. User logstash has a role logstash_write and the role is configured as follows:
Cluster privileges: all
Indices privileges: all (for all indices i create with logstash)
Kibana privileges: none
Sometimes it happens, that I don't see new messages in Kibana for particular index. Last time it was this error message:
[2019-08-09T13:53:03,155][WARN ][o.e.g.MetaStateService ] [elasticsearchNode1] [[<index_name>/<index_id>]]: failed to write index state
I can only fix this by using admin credentials for logstash in order to continue writting to index. Which is obviously dirty way. Did someone else have to deal with this?