Hello everyone,
So I’m trying to add multiple outputs with different names into Logstash:
output {
  if [type] == "JSON" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "JSON-%{+YYYY.MM.dd}"
      document_type => "JSON"
      #+++ sa Added by scr-sop-af-config-elksandbox. Do not remove this line.
      user => "logstash"
      #--- sa Added by scr-sop-af-config-elksandbox. Do not remove this line.
      #+++ sa Added by scr-sop-af-config-elksandbox. Do not remove this line.
      password => "logstash"
      #--- sa Added by scr-sop-af-config-elksandbox. Do not remove this line.
    }
  }
  if [type] == "SYS" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "SYS-%{+YYYY.MM.dd}"
      document_type => "SYS"
      #+++ sa Added by scr-sop-af-config-elksandbox. Do not remove this line.
      user => "logstash"
      #--- sa Added by scr-sop-af-config-elksandbox. Do not remove this line.
      #+++ sa Added by scr-sop-af-config-elksandbox. Do not remove this line.
      password => "logstash"
      #--- sa Added by scr-sop-af-config-elksandbox. Do not remove this line.
    }
  }
}
But I’ve this error when I restart all services:
Jun 03 07:09:39 qvisbcld0047 logstash[7167]: [2019-06-03T07:09:39,737][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
Jun 03 07:09:39 qvisbcld0047 logstash[7167]: [2019-06-03T07:09:39,745][INFO ][logstash.outputs.elasticsearch] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>30}
I’ve added this into the “sg_roles.yml” but it didn’t work:
indices:
  '*':
    '*':
      - ALL
How can I fix this, please?
sg_config.yml (9.6 KB)
sg_roles.yml (6.2 KB) elasticsearch.yml.example (9.3 KB)
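
For triaging a log like the one in this post, the following added example (not part of the original post, and not Logstash or Search Guard code) groups the 403 `security_exception` retries by user, roles and denied action, so it is clear which permission on which role has to be granted. The function name `summarize_denials` is hypothetical and the sample lines are constructed from the log format shown above.

```python
import re
from collections import Counter

# Matches the denial text that Logstash logs when a bulk action is rejected.
# Quote characters are never matched, because web copies of these logs often
# contain curly quotes instead of straight ones.
DENIED = re.compile(
    r"response code: (?P<code>\d{3}).*?"
    r"no permissions for \[(?P<action>[^\]]+)\] and "
    r"User \[name=(?P<user>[^,\]]+), roles=\[(?P<roles>[^\]]*)\]"
)
BULK_RETRY = re.compile(r"Retrying individual bulk actions.*?:count=>(\d+)")


def summarize_denials(lines):
    """Return (Counter keyed by (user, roles, action), last bulk retry count)."""
    denials = Counter()
    retry_count = None
    for line in lines:
        m = DENIED.search(line)
        if m and m.group("code") == "403":
            roles = tuple(sorted(
                r.strip() for r in m.group("roles").split(",") if r.strip()))
            denials[(m.group("user"), roles, m.group("action"))] += 1
            continue
        m = BULK_RETRY.search(line)
        if m:
            retry_count = int(m.group(1))
    return denials, retry_count


# Constructed sample input (hostname and timestamps are made up).
PREFIX = "Jun 03 07:09:39 host logstash[7167]: [2019-06-03T07:09:39,737][INFO ][logstash.outputs.elasticsearch] "
DENIAL = ('retrying failed action with response code: 403 ({"type"=>"security_exception", '
          '"reason"=>"no permissions for [indices:admin/create] and '
          'User [name=logstash, roles=[logstash], requestedTenant=null]"})')
SAMPLE = [
    PREFIX + DENIAL,
    PREFIX + DENIAL,
    PREFIX + DENIAL.replace('"', "\u201c"),  # curly-quoted copy still parses
    PREFIX + "Retrying individual bulk actions that failed or were rejected "
             "by the previous bulk request. {:count=>30}",
    PREFIX + "Pipeline started successfully",
]

if __name__ == "__main__":
    found, pending = summarize_denials(SAMPLE)
    for (user, roles, action), hits in found.items():
        print(f"user={user} roles={list(roles)} denied={action} hits={hits}")
    print(f"bulk actions still retrying: {pending}")
```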