Secure setting is unauthorized

I tried to use basic authentication credentials in metricbeat.yml
I set monitor, read_ilm and read_pipeline as cluster privileges for role metricbeat_writer.
But I got a 403 error code:

ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://localhost:9200)): Connection marked as failed because the onConnect callback failed: error loading template: failed to load template: couldn't load template: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/template/put] is unauthorized for user [metricbeat-writer] with roles [metricbeat_writer], this action is granted by the cluster privileges [manage_index_templates,manage,all]"}],"type":"security_exception","reason":"action [indices:admin/template/put] is unauthorized for user [metricbeat-writer] with roles [metricbeat_writer], this action is granted by the cluster privileges [manage_index_templates,manage,all]"},"status":403}. Response body: {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/template/put] is unauthorized for user [metricbeat-writer] with roles [metricbeat_writer], this action is granted by the cluster privileges [manage_index_templates,manage,all]"}],"type":"security_exception","reason":"action [indices:admin/template/put] is unauthorized for user [metricbeat-writer] with roles [metricbeat_writer], this action is granted by the cluster privileges [manage_index_templates,manage,all]"},"status":403}

Please help to have a look and let me know if you need any info.

Hi, @rachelyang. After setting up authentication in Elasticsearch, did you restart the service? The error code, 403, has to do with the authentication issue. Are the credentials correct?

There is also the possibility to use keystore to keep the environment more secure.

Secrets keystore for secure setting

Hi Wagner,
Thanks for your reply. I have restarted the metricbeat service after I upgraded the version from 7.12.1 to 7.14.1.
Here is the root cause:
this action is granted by the cluster privileges [manage_index_templates,manage,all]
But I set the cluster privileges to be monitor, read_ilm and read_pipeline.
I also tried to use API keys to grant access; it gave me the same error.
In addition, my credentials are correct.
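
An added example, not part of the original posts and not Elastic's code: it parses the `security_exception` body shown in the error above and lists which of the privileges named in the message the role is missing, leaving out the broad ones. The function names, the `BROAD` set and the trimmed sample body are assumptions made for this illustration.

```python
import json
import re

# Matches the "reason" format shown in the 403 response in this thread.
REASON_RE = re.compile(
    r"action \[(?P<action>[^\]]+)\] is unauthorized for user \[(?P<user>[^\]]+)\]"
    r"(?: with roles \[(?P<roles>[^\]]*)\])?"
    r"(?:.*?granted by the (?P<scope>\w+) privileges \[(?P<grants>[^\]]+)\])?"
)
BROAD = {"all", "manage"}  # assumption: too wide to hand to a shipper account

def _split(value):
    return [p.strip() for p in (value or "").split(",") if p.strip()]

def parse_denial(body):
    """Return the fields of a security_exception, or None for any other body."""
    try:
        err = json.loads(body).get("error", {})
    except (ValueError, AttributeError):
        return None
    if not isinstance(err, dict) or err.get("type") != "security_exception":
        return None
    m = REASON_RE.search(err.get("reason", ""))
    if m is None:
        return None
    return {"action": m["action"], "user": m["user"], "roles": _split(m["roles"]),
            "scope": m["scope"], "granted_by": _split(m["grants"])}

def narrow_candidates(body, held):
    """Privileges that would allow the action, minus the broad ones.
    An empty list means a held privilege already covers the action, so the
    role being evaluated is not the one that was edited."""
    denial = parse_denial(body)
    if denial is None:
        return None
    if set(denial["granted_by"]) & set(held):
        return []
    return [p for p in denial["granted_by"] if p not in BROAD]

# Constructed sample: the response body from the thread, reduced to the top-level error.
SAMPLE = json.dumps({"error": {"type": "security_exception", "reason": (
    "action [indices:admin/template/put] is unauthorized for user [metricbeat-writer] "
    "with roles [metricbeat_writer], this action is granted by the cluster privileges "
    "[manage_index_templates,manage,all]")}, "status": 403})
HELD = ["monitor", "read_ilm", "read_pipeline"]  # the role's privileges as stated in the post

if __name__ == "__main__":
    print(parse_denial(SAMPLE))
    print(narrow_candidates(SAMPLE, HELD))
```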

As I understand it, this is a problem involving a library and that occurs when the update to a more current version is performed. Take a look at this discussion:
