Problems getting filebeats to work with API keys

Russell_Fulton · September 23, 2022, 12:43am

I have just got filebeats (7.17.1) working on a bunch of ubuntu systems. I initially tried to use API keys for authentication but got errors from filebeat "API key: invalid ApiKey value" when it connects to the ES server. I swapped to using username and password and that worked fine.

The API keys were setup :

{
  "superuser": {
    "cluster": [
      "all"
    ],
    "indices": [
      {
        "names": [
          "*"
        ],
        "privileges": [
          "all"
        ],
        "allow_restricted_indices": true
      }
    ],
    "run_as": [
      "beat_ingest"
    ]
  }
}

where beat_ingest is the user that works when not using API key.

I am trying using the run as because I was hoping to be able to change privs without generating and distributing a new key.

Have I misunderstood how this is supposed to work?

system · October 21, 2022, 2:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configure filebeat to use API keys Beats filebeat	3	2771	January 11, 2022
Filebeat can't connect to Elastic search Beats filebeat	25	865	May 10, 2024
Authentication using apikey failed - Illegal base64 character 3a After Upgrading to 7.7.0 Beats filebeat , auditbeat	4	2058	July 10, 2020
Elasticsearch permissions required by Filebeat Beats filebeat	7	3893	November 30, 2018
Apikeys and elastic cloud Beats elastic-stack-security , filebeat , metricbeat	7	593	May 12, 2021

Problems getting filebeats to work with API keys

Related topics