Logstash not appearing in monitoring (7.1.1)

With a fresh test VM set up with Elasticsearch 7.1.1 and Search Guard 7.1.1-35.0.0, I’m not seeing the usual Logstash monitoring in Kibana. The Elasticsearch log file is showing these failures repeated many times:

[2019-06-20T19:36:12,286][INFO ][c.f.s.p.PrivilegesEvaluator] [elastic7.test.vm] No cluster-level perm match for User [name=logstash, roles=[logstash], requestedTenant=null] Resolved [aliases=[*], indices=[*], allIndices=[*], types=[*], originalRequested=[], remoteIndices=[]] [Action [cluster:admin/xpack/monitoring/bulk]] [RolesChecked [SGS_LOGSTASH, SGS_OWN_INDEX]]
[2019-06-20T19:36:12,287][INFO ][c.f.s.p.PrivilegesEvaluator] [elastic7.test.vm] No permissions for [cluster:admin/xpack/monitoring/bulk]

Is the permission cluster:admin/xpack/monitoring/bulk missing from role SGS_LOGSTASH? As roles are now reserved, I don’t know how to test adding this (can it be put in the sg_roles.yml file and override the internalised one?)

(There seems to be very little discussion here about using Search Guard with 7.x - is it not being widely used yet? Or is everyone but me migrating smoothly? :frowning: )

We need to investigate this (internal ID is ITT-2239).

As a workaround, just create a role like

logstash_xpack:
  cluster_permissions:
    - 'cluster:admin/xpack/monitoring/bulk*'

in sg_roles.yml (or the Kibana admin GUI) and assign it to your logstash user.

Confirmed workaround, monitoring now shows up in Kibana - thanks.
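
An added example, not part of the thread and not Search Guard code: a Python sketch that reads PrivilegesEvaluator denials in the format quoted in the first post, groups the denied cluster actions by user, and renders a supplementary role in the sg_roles.yml layout used in the workaround. The function names and the `_extra` role suffix are assumptions, and it emits the exact action names from the log rather than the wildcard used in the workaround, so the output is a starting point for review, not something to apply blindly.

```python
import re
from collections import defaultdict

# Constructed sample: the two log lines quoted in the first post, plus one
# unrelated line to show that non-matching lines are ignored.
SAMPLE_LOG = """\
[2019-06-20T19:36:12,286][INFO ][c.f.s.p.PrivilegesEvaluator] [elastic7.test.vm] No cluster-level perm match for User [name=logstash, roles=[logstash], requestedTenant=null] Resolved [aliases=[*], indices=[*], allIndices=[*], types=[*], originalRequested=[], remoteIndices=[]] [Action [cluster:admin/xpack/monitoring/bulk]] [RolesChecked [SGS_LOGSTASH, SGS_OWN_INDEX]]
[2019-06-20T19:36:12,287][INFO ][c.f.s.p.PrivilegesEvaluator] [elastic7.test.vm] No permissions for [cluster:admin/xpack/monitoring/bulk]
[2019-06-20T19:36:13,001][INFO ][o.e.n.Node] [elastic7.test.vm] started
"""

DENIAL = re.compile(
    r"No cluster-level perm match for User \[name=(?P<user>[^,\]]+),.*?"
    r"\[Action \[(?P<action>[^\]]+)\]\] "
    r"\[RolesChecked \[(?P<roles>[^\]]*)\]\]"
)
# Log content is untrusted input: only names made of these characters are
# ever written into the generated YAML.
SAFE_ACTION = re.compile(r"[\w:/*-]+")
SAFE_NAME = re.compile(r"[\w.-]+")

def denied_cluster_actions(log_text):
    """Return {user: {action: set(roles_checked)}} for cluster-level denials."""
    denied = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if not m or not SAFE_ACTION.fullmatch(m.group("action")):
            continue
        roles = {r.strip() for r in m.group("roles").split(",") if r.strip()}
        denied[m.group("user")][m.group("action")] |= roles
    return {user: dict(actions) for user, actions in denied.items()}

def role_snippet(user, actions, suffix="_extra"):
    """Render a supplementary role (hypothetical name) in sg_roles.yml layout."""
    if not SAFE_NAME.fullmatch(user):
        raise ValueError(f"refusing to use {user!r} as a role name")
    lines = [f"{user}{suffix}:", "  cluster_permissions:"]
    lines += [f"    - '{action}'" for action in sorted(actions)]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for user, actions in denied_cluster_actions(SAMPLE_LOG).items():
        for action, roles in sorted(actions.items()):
            print(f"{user}: {action} denied; roles checked: {sorted(roles)}")
        print(role_snippet(user, actions))
```
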
