Roles required to create logs

I'm using the Node.js logger winston and winston-elasticsearch to send logs to Elastic Cloud (uses https://www.npmjs.com/package/@elastic/elasticsearch under the hood) and am using basic authentication (username & password).

I would like to create a new role that only allows access to the functions required to add logs into Elasticsearch Cloud. Is there a built-in role that is designed for this? I've tried adding the create &/or write permissions for the indexes but this doesn't work (when I add the superuser role it all works as expected).

You can create a new role and assign permission to write to certain indices.

I would give this page a read

https://www.elastic.co/guide/en/elasticsearch/reference/7.5/security-privileges.html

@VietCong I have looked at that page and have tried the create &/or write &/or create_doc permissions, however these don't let the logs be created (as soon as I switch it to the superuser role it all works) - I would have thought one of these roles should have been sufficient?

Matthew,

You need to create a role with those permissions first, then assign the role to your user with role mapping. Then you should be able to write to the index.

I would take a look at this page for a role creation example:

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html

@VietCong Yes, I've created a role using the above permissions and assigned it to the correct user such as the below, however we receive no logs for a role with these permissions. As soon as the user is granted the superuser role the logs are ingested again.

Are you writing from Logstash? If so, what error do you see from Logstash? Also, if you could share your role and role mapping results for this user, that would be great.
