I setup logstash with authentication using a default user logstash and data is being pushed to my cluster correctly.
The only thing missing is x-pack monitor data for my logstash nodes.
Logstash keeps giving this error
[2019-03-26T13:50:40,586][ERROR][logstash.outputs.elasticsearch] Encountered a retryable error. Will Retry with exponential backoff {:code=>403, :url=>“http://client:9200/_xpack/monitoring/_bulk?system_id=logstash&system_api_version=2&interval=1s”}
I think I must give the logstash user the following cluster permission,“cluster:admin/xpack/monitoring*” but I am unable to select it in the searchguard kibana gui .
In order to see which permission is missing for your role, please follow this guide here:
Regarding the config GUI: Yes, this is missing at the moment, and we have an issue at the moment with entering arbitrary values in the GUI. We are working on it. In the meantime you would need to use the REST API directly, or use sgadmin:
Sorry for the inconvenience!
···
On Tuesday, March 26, 2019 at 2:55:30 PM UTC+1, lordcosmos1978 wrote:
I setup logstash with authentication using a default user logstash and data is being pushed to my cluster correctly.
The only thing missing is x-pack monitor data for my logstash nodes.
Logstash keeps giving this error
[2019-03-26T13:50:40,586][ERROR][logstash.outputs.elasticsearch] Encountered a retryable error. Will Retry with exponential backoff {:code=>403, :url=>“http://client:9200/_xpack/monitoring/_bulk?system_id=logstash&system_api_version=2&interval=1s”}
I think I must give the logstash user the following cluster permission,“cluster:admin/xpack/monitoring*” but I am unable to select it in the searchguard kibana gui .