No permissions for indices:data/write/index and indices:data/write/bulk[s] and User [name=logsta

I’m having a problem when giving output from Logstash to Elasticsearch. I don’t retrieve anything in the discovery dashboard. Then, when I checked my Logstash log, I found this problem:

[2018-02-06T02:57:36,236][INFO ][logstash.outputs.elasticsearch] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>1}

[2018-02-06T02:57:44,252][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:data/write/index, indices:data/write/bulk[s]] and User [name=logstash, roles=[logstash], requestedTenant=null]"})

[2018-02-06T02:57:44,252][INFO ][logstash.outputs.elasticsearch] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>1}

[2018-02-06T02:58:00,281][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:data/write/index, indices:data/write/bulk[s]] and User [name=logstash, roles=[logstash], requestedTenant=null]"})

I have already added those permissions to the sg_logstash role in sg_roles, but the problem still arises.

Thanks.

01-wazuh.conf (1.33 KB)

elasticsearch.yml (3.96 KB)

sg_action_groups.yml (2.28 KB)

sg_config.yml (9.4 KB)

sg_internal_users.yml (1.01 KB)

sg_roles.yml (6.38 KB)

sg_roles_mapping.yml (548 Bytes)
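
Added example, not part of the original post: a small parser for the 403 retry lines quoted above that reports which user, roles and actions were rejected, so the result can be compared against the role definitions. The names `SAMPLE_LOG`, `DENIED` and `summarize_denials` are made up for this example, and the sample lines are constructed in the format of the log in the post. Note that the action list itself contains brackets (`bulk[s]`), so the pattern anchors on `] and User [` instead of stopping at the first `]`.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format of the Logstash log quoted above.
SAMPLE_LOG = """\
[2018-02-06T02:57:36,236][INFO ][logstash.outputs.elasticsearch] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>1}
[2018-02-06T02:57:44,252][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:data/write/index, indices:data/write/bulk[s]] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
[2018-02-06T02:58:00,281][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:data/write/index, indices:data/write/bulk[s]] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
"""

# The lazy action group ends only where "] and User [name=" follows,
# which keeps the inner brackets of "bulk[s]" inside the action list.
DENIED = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?response code: (?P<code>\d{3}) .*?"
    r"security_exception.*?no permissions for \[(?P<actions>.*?)\] and User "
    r"\[name=(?P<user>[^,\]]+), roles=\[(?P<roles>[^\]]*)\]"
)


def summarize_denials(log_text):
    """Group security_exception retries by (user, roles)."""
    summary = defaultdict(
        lambda: {"actions": set(), "hits": 0, "first": None, "last": None}
    )
    for line in log_text.splitlines():
        m = DENIED.search(line.strip())
        if not m:
            continue  # informational retry lines carry no denial details
        roles = tuple(r.strip() for r in m["roles"].split(",") if r.strip())
        entry = summary[(m["user"], roles)]
        entry["actions"].update(a.strip() for a in m["actions"].split(","))
        entry["hits"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(summary)


if __name__ == "__main__":
    for (user, roles), info in summarize_denials(SAMPLE_LOG).items():
        print(f"user={user} roles={list(roles)} denied {info['hits']}x "
              f"between {info['first']} and {info['last']}")
        for action in sorted(info["actions"]):
            print(f"  missing permission: {action}")
```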

Sorry, I have found the solution for my problem. Thanks

In order to help other users that may face the same problem, it would be helpful if you could post the solution to your problem here. Thanks!

Please advise what the solution was… I am facing a similar issue.

I’m struggling with this also. The default config that came with SearchGuard used to work but now…

How did you deal with it?
