I am migrating my indices to be managed by ILM. For this, I need to modify my Logstash pipeline outputs. Here's what I'm using now:
output {
elasticsearch {
hosts => ["192.168.10.80:9200","192.168.10.81:9200","192.168.10.82:9200"]
ilm_enabled => true
ilm_rollover_alias => "ilm-network"
ilm_policy => "my_policy"
ilm_pattern => '{now/d}-000001'
user => 'ilm_pipeline'
password => '<password>'
ssl => true
cacert => '/etc/certs/elastic-stack-ca.crt.pem'
}
}
I defined a template as:
PUT _template/network_ilm
{
"order": 15,
"index_patterns": ["network-*"],
"settings": {
"index.lifecycle.name": "my_policy",
"index.routing.allocation.require.data": "hot"
"index.lifecycle.rollover_alias": "ilm-network"
}
}
I created a bootstrap index via:
PUT network-2019.08.08-000001
{
"aliases": {
"ilm-network":{
"is_write_index": true
}
}
}
I created the ilm_pipeline user with cluster privilege manage_ilm and on the index patterns network-* and ilm-* is added the index privileges read, write, manage, create, delete, manage_ilm, and create_index.
When I start logstash, I get all manner of errors in multiple pipelines, even ones not managed by ILM. If I switch this one pipeline to the built-in elastic user, everything works fine. What permissions do I need to add to the user specified in Logstash to make ILM work properly?