Setup vs writer role for Filebeat


from the documentation I see a sort of role seperation between setting up filebeat and shipping data using filebeat: (setup role and writer role).

But in my filebeat.yml i can provide only one user, which is used to push the logs into elastic cluster, like so:

  # List of inputs.
    [{"paths": ["/path/logs/*.log"], "type": "log"}]

# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
  # Array of hosts to connect to.
  hosts: ["", "", ""]
  username: "filebeat_write_user"
  password: "${FILEBEAT_WRITE_USER}"
  ssl.certificate_authorities: ["/cert/path/ca.crt"]

The user I use there has the writer role
When I now start filebeat it leads to errors:

[indices:admin/template/put] is unauthorized for user [filebeat_write_user]"},"status":403}.

What is meant by "setup role" how I can "setup" all the templaes without starting filebeat and shipping logs?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.