I am looking for a role that would allow a user to create indices in ES.

Basically I want to avoid assigning "superuser" role.

Please guide me on what role I can assign. My configuration for the ELK 7.6.2 stack looks like below:

 elasticsearch {
     hosts => [ "xx-xx-xxx:23045" ]
     user => "pwatcher"
     password => "xxxxxxxx"
     index => "abcd.pwatcher_events-%{+YYYY.MM.dd}"
     manage_template => true
     template_overwrite => true
     template => "/opt/tal/ptal/elasticsearch/app/logstash/config/pwatcher_template.json"
     template_name => "pwatcher"
 }


Were you looking for something like this?

POST _xpack/security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor", "manage_ilm"],
  "indices": [
    {
      "names": [ "abcd.pwatcher_events-*" ],
      "privileges": ["write","create","create_index","manage","manage_ilm"]
    }
  ]
}

This will allow Logstash to write an index.

Best regards

Thanks. How about reading an index in ES?

Is there a read_index privilege too?

Yes, the privilege is called read (see here for details).
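An added example, not code from any poster in this thread: it pairs the logstash_writer role body above with a read-only counterpart and checks both against the daily index names the Logstash output generates. The role name pwatcher_reader and the extra view_index_metadata privilege are assumptions, and the matching is a simplified model of how Elasticsearch evaluates roles.

```python
import fnmatch
import json
from datetime import date

# Index pattern from the thread; the reader role below is hypothetical.
INDEX_PATTERN = "abcd.pwatcher_events-*"

WRITER_ROLE = {  # body posted in the thread for logstash_writer
    "cluster": ["manage_index_templates", "monitor", "manage_ilm"],
    "indices": [{
        "names": [INDEX_PATTERN],
        "privileges": ["write", "create", "create_index", "manage", "manage_ilm"],
    }],
}

READER_ROLE = {  # assumed read-only counterpart: no cluster privileges at all
    "cluster": [],
    "indices": [{
        "names": [INDEX_PATTERN],
        "privileges": ["read", "view_index_metadata"],
    }],
}


def daily_index(day: date) -> str:
    """Index name produced by index => "abcd.pwatcher_events-%{+YYYY.MM.dd}"."""
    return "abcd.pwatcher_events-" + day.strftime("%Y.%m.%d")


def role_grants(role: dict, index: str, privilege: str) -> bool:
    """True if the role lists `privilege` on a pattern that matches `index`.

    Simplification: wildcard matching only, and privileges are compared by
    name (Elasticsearch also expands broad privileges such as "all").
    """
    for entry in role["indices"]:
        if any(fnmatch.fnmatchcase(index, p) for p in entry["names"]):
            if privilege in entry["privileges"]:
                return True
    return False


def console_request(name: str, role: dict) -> str:
    """Render the role as a request in the same form as the answer above."""
    return f"POST _xpack/security/role/{name}\n{json.dumps(role, indent=2)}"


if __name__ == "__main__":
    print(console_request("pwatcher_reader", READER_ROLE))
```

Running the script prints the reader role request; a user who only queries the events gets that role alone, while the pwatcher user from the Logstash output keeps logstash_writer.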


