Hello,
I configured fluentd to forward logs to Logstash (7.10) and the Elasticsearch output throws the following error:
[2021-04-07T17:17:11,390][INFO ][logstash.outputs.elasticsearch][main][2662b9682e97be5de9346f00d190e82e317c2c2078c5cf5de05e3d5114ff1081] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"action [indices:admin/auto_create] is unauthorized for user [logstash_internal]"})
[2021-04-07T17:17:11,391][INFO ][logstash.outputs.elasticsearch][main][2662b9682e97be5de9346f00d190e82e317c2c2078c5cf5de05e3d5114ff1081] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>1}
My user "logstash_internal" has been assigned a role. That role has privileges, but "indices:admin/auto_create" is not one that is available to assign to it.
Can anyone help me find which permission I need to assign to my role? I tried "auto_configure", but that didn't work.
Thank you for your help,
Joey