Hi,
from the documentation I see a sort of role seperation between setting up filebeat and shipping data using filebeat: https://www.elastic.co/guide/en/beats/filebeat/master/feature-roles.html (setup role and writer role).
But in my filebeat.yml i can provide only one user, which is used to push the logs into elastic cluster, like so:
filebeat:
# List of inputs.
inputs:
[{"paths": ["/path/logs/*.log"], "type": "log"}]
# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["https://elastic01.com:9200", "https://elastic02.com:9200", "https://elastic03.com:9200"]
username: "filebeat_write_user"
password: "${FILEBEAT_WRITE_USER}"
ssl.certificate_authorities: ["/cert/path/ca.crt"]
The user I use there has the writer role
When I now start filebeat it leads to errors:
[indices:admin/template/put] is unauthorized for user [filebeat_write_user]"},"status":403}.
What is meant by "setup role" how I can "setup" all the templaes without starting filebeat and shipping logs?