I am receiving the following error when I try to ingest documents from Logstash into Elasticsearch:
[2018-02-02T11:54:35,329][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:data/write/index, indices:data/write/bulk[s]] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
Logstash output:

    output {
      elasticsearch {
        user => logstash
        password => logstash
        ssl => true
        ssl_certificate_verification => true
        cacert => "/etc/elasticsearch/root-ca.pem"
        hosts => ["https://localhost:9200"]
        index => "cdrs4"
      }
    }

I used the demo installer. Would I need to change sg_roles.yml? I have not changed anything in this file. I am assuming I would have to add permission for indices:data/write/index, indices:data/write/bulk, I am just not sure of the syntax and how to add it.
Thank you, Frank
I am on version 6.0.1 of Logstash and Elasticsearch.
There are several ways to achieve that. The easiest is to add the required permissions for your index "cdrs4" to the logstash user. If you use the config GUI, create a new index "cdrs4" for the logstash role, and add the action groups CRUD and, if the index does not exist yet, CREATE_INDEX.
If you use sgadmin, add the permissions to the logstash role in sg_roles.yml:

    # For logstash and beats
    sg_logstash:
      readonly: true
      cluster:
      indices:
        'logstash-*':
          '*':
        'beat':
          '*':
        'cdrs4':
          '*':

After that, upload the changed config with sgadmin.
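
For triaging the 403 discussed in this thread, here is an added example (not part of any post above and not Search Guard code): it parses the security_exception line and checks whether a role's index permissions cover the denied actions. The action-group expansion, the role contents and all function names are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the 403 line from the post, retyped with straight quotes.
SAMPLE = ('[2018-02-02T11:54:35,329][INFO ][logstash.outputs.elasticsearch] retrying '
          'failed action with response code: 403 ({"type"=>"security_exception", '
          '"reason"=>"no permissions for [indices:data/write/index, '
          'indices:data/write/bulk[s]] and User [name=logstash, roles=[logstash], '
          'requestedTenant=null]"})')

# The action list is closed by "] and User", not by the first "]": bulk[s] has its own brackets.
DENIAL = re.compile(r'no permissions for \[(?P<actions>.*?)\] and User '
                    r'\[name=(?P<user>[^,\]]+), roles=\[(?P<roles>[^\]]*)\]')

# Assumed action-group expansion; read the real one from your own sg_action_groups.yml.
ACTION_GROUPS = {"CRUD": ["READ", "WRITE"], "READ": ["indices:data/read*"],
                 "WRITE": ["indices:data/write*"], "CREATE_INDEX": ["indices:admin/create"]}

# Constructed role contents (index pattern -> permissions, document-type level flattened).
ROLE_BEFORE = {"logstash-*": ["CRUD", "CREATE_INDEX"]}
ROLE_AFTER = {**ROLE_BEFORE, "cdrs4": ["CRUD", "CREATE_INDEX"]}

def split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def parse_denial(line):
    """Return user, roles and denied actions from a security_exception line, or None."""
    m = DENIAL.search(line)
    if m is None:
        return None
    return {"user": m["user"], "roles": split_list(m["roles"]),
            "actions": split_list(m["actions"])}

def expand(perms):
    """Resolve action-group names recursively into permission patterns."""
    out = []
    for p in perms:
        out.extend(expand(ACTION_GROUPS[p]) if p in ACTION_GROUPS else [p])
    return out

def uncovered(role_indices, index, denied):
    """Denied actions that no pattern granted on a matching index covers."""
    granted = [p for pat, perms in role_indices.items()
               if fnmatchcase(index, pat) for p in expand(perms)]
    return [a for a in denied if not any(fnmatchcase(a, g) for g in granted)]

if __name__ == "__main__":
    denial = parse_denial(SAMPLE)
    print(denial)
    print("before:", uncovered(ROLE_BEFORE, "cdrs4", denial["actions"]))
    print("after: ", uncovered(ROLE_AFTER, "cdrs4", denial["actions"]))
```

An empty result for the target index means the role, as modelled, covers every action the log line reported as denied.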