I have set up the ELK stack and also installed the x-pack plugin. I then created a new user. Now whenever I run the following command it gives me this response.
{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [adminuser]"}],"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [adminuser]"},"status":403}
And when I list the users, I see the following output:
./users list
adminuser : -
The adminuser is a superuser.
Now I don't see any logs shipped through filebeat either. Can this be an issue? How do I fix this?
@TimV , @Christian_Dahlqvist : I did ./users roles adminuser -r superuser assuming that it will assign a role to the user. But looks like it didn't. Am I doing it right?
Also I have installed x-pack for kibana and also for Logstash. Do I have to create users/roles in these as well? I have already created users in Kibana UI (Browser).
I'm not quite understanding the setup process here. What I'm trying to do is, I need to have user/role based authentication in Kibana so that some of my team members will only get "Read-Only" like privilege.
I see that without this proper authentication process ElasticSearch is not accepting any logs from LogStash. But if I remove x-pack from ES, Logstash and Kibana, the logs are displayed in Kibana as usual.
When running the roles sub-command, -r is a remove option.
The command you ran removed the superuser role from adminuser.
You can see the help text by running
bin/x-pack/users roles --help
With respect to your other questions:
No, users are only created in Elasticsearch. The other products in the Elastic Stack use Elasticsearch as their user store where applicable. However, you will need to configure those products so that they can authenticate to Elasticsearch.
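An added example, not part of the original replies: a small shell check that grants a role with -a (the add option, where -r removes) and then confirms it from the `users list` output format shown in the question. The function names, the `viewer_role` role and the sample listing are constructed for illustration; the tool path is the one quoted in the thread.

```shell
#!/bin/sh
# Path to the x-pack users tool as quoted in the thread; override if needed.
USERS_BIN="${USERS_BIN:-bin/x-pack/users}"

# has_role USER ROLE
# Reads `users list` output on stdin, one "name : role1,role2" line per user
# ("name : -" means the user holds no roles). Succeeds only if USER has ROLE.
has_role() {
    awk -v user="$1" -v role="$2" '
        {
            idx = index($0, ":")              # split on the first colon
            if (idx == 0) next
            name  = substr($0, 1, idx - 1)
            roles = substr($0, idx + 1)
            gsub(/[ \t]/, "", name)
            gsub(/[ \t]/, "", roles)
            if (name != user) next
            if (roles == "-") exit            # listed, but no roles assigned
            n = split(roles, r, ",")
            for (i = 1; i <= n; i++)
                if (r[i] == role) { found = 1; exit }
            exit
        }
        END { exit !found }                   # status 0 only on an exact match
    '
}

# grant_role USER ROLE (hypothetical helper)
# Adds ROLE with -a, then re-lists the users to verify the role is present.
grant_role() {
    "$USERS_BIN" roles "$1" -a "$2" || return 1
    "$USERS_BIN" list | has_role "$1" "$2"
}

# Constructed sample of `users list` output, matching the state in the question.
SAMPLE_LIST='adminuser      : -
kibana_reader  : viewer_role'

# Offline demonstration on the sample: adminuser has lost its role.
if ! printf '%s\n' "$SAMPLE_LIST" | has_role adminuser superuser; then
    echo "adminuser does not hold superuser; run: grant_role adminuser superuser"
fi
```

A user listed with `-` authenticates but is authorized for nothing, which is why requests fail with a 403 `security_exception` rather than a 401.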