I am setting up Logstash to write events in Elasticsearch, and am configuring some security as well, e.g. I intend to use basic user/password authentication. In that sense, I have already created a role called
logstash_write as indicated in the documentation, and have also created a user for Logstash and mapped that role to such user.
Everything is working fine. My question is: do I have to create the
logstash_reader role as well, and assign it to my Logstash user? Don't know if at some point Logstash needs to read something from the indices it creates.
Thanks in advance.