Hi,
I am looking for a role that would allow a user to create indices in ES.
Basically I want to avoid assigning "superuser" role.
Please guide on what role can I assign? My configuration for ELK7.6.2 stack looks like below:
elasticsearch {
hosts => [ "xx-xx-xxx:23045" ]
user => "pwatcher"
password => "xxxxxxxx"
index => "abcd.pwatcher_events-%{+YYYY.MM.dd}"
manage_template => true
template_overwrite => true
template => "/opt/tal/ptal/elasticsearch/app/logstash/config/pwatcher_template.json"
template_name => "pwatcher"
}
Hi,
Were you looking for something like this ?
POST _xpack/security/role/logstash_writer
{
"cluster": ["manage_index_templates", "monitor", "manage_ilm"],
"indices": [
{
"names": [ "abcd.pwatcher_events-*" ],
"privileges": ["write","create","create_index","manage","manage_ilm"]
}
]
}
This will allow LogStash to write an index
Best regards
1 Like
Thanks. How about reading an index in ES?
is there a read_index privilege too?
Yes, the privilege is called read (see here for details
system
June 28, 2021, 9:05pm
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.