I have just got filebeats (7.17.1) working on a bunch of ubuntu systems. I initially tried to use API keys for authentication but got errors from filebeat "API key: invalid ApiKey value" when it connects to the ES server. I swapped to using username and password and that worked fine.
The API keys were setup :
{
"superuser": {
"cluster": [
"all"
],
"indices": [
{
"names": [
"*"
],
"privileges": [
"all"
],
"allow_restricted_indices": true
}
],
"run_as": [
"beat_ingest"
]
}
}
where beat_ingest is the user that works when not using API key.
I am trying using the run as because I was hoping to be able to change privs without generating and distributing a new key.
Have I misunderstood how this is supposed to work?