Security_exception in logstash log: indices:admin/auto_create is unauthorized for user

cotjoey · April 7, 2021, 8:21pm

Hello,

I configured fluentd to forward logs to Logstash (7.10) and the Elasticsearch output throws the following error:

[2021-04-07T17:17:11,390][INFO ][logstash.outputs.elasticsearch][main][2662b9682e97be5de9346f00d190e82e317c2c2078c5cf5de05e3d5114ff1081] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"action [indices:admin/auto_create] is unauthorized for user [logstash_internal]"})

[2021-04-07T17:17:11,391][INFO ][logstash.outputs.elasticsearch][main][2662b9682e97be5de9346f00d190e82e317c2c2078c5cf5de05e3d5114ff1081] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>1}

My user "logstash_internal" has been assigned a role. That role has privileges, but "indices:admin/auto_create" is not one that is available to assign to it.

Can anyone help me find which permission I need to assign to my role? I tried "auto_configure", but that didn't work.

Thank you for your help,
Joey

TimV · April 8, 2021, 1:55am

auto_configure should work. What went wrong?

cotjoey · April 8, 2021, 9:56am

The same exact error showed up in the logs:

action [indices:admin/auto_create] is unauthorized for user [logstash_internal]

system · May 6, 2021, 9:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.