What causes the 403 template error?

$ bin/logstash -f httpin.conf
Default settings used: Filter workers: 2
Failed to install template: [403] {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/template/get] is unauthorized for user [logstash]"}],"type":"security_exception","reason":"action [indices:admin/template/get] is unauthorized for user [logstash]"},"status":403} {:level=>:error}
Logstash startup completed

Here is the elasticsearch output config from 'httpin.conf'

elasticsearch {
hosts =>"0ea8f6xxxxxx....found.io:9200"
ssl => false
user => "logstash"
password => "xxxxx"

Here is what I have for logstash in my shield configuration for this found instance:
logstash: $2a$12$O4VUZiPILHPgyeL1xcMElOFJuRpxWoXv8Ln1VrpkrtgUoqLz3LY7K

cluster: all
'*': all

1 Like

Be careful that you're mapping roles to users and not users to roles:

# This editor maps roles to users of that role, like this:
# role_name: user1, user2

admin: admin
readwrite: readwrite
readonly: readonly

the left hand side is the roles and the right hand side are the list of users.

If by accident you mixed these up, eg:

admin: admin
readwrite: readwrite
readonly: readonly
mynewuser: myrole

Then you'll just get denied without much more info to let you know of your mistake.