Permission configuration for Logstash

Hi,

I’m trying to configure SG to allow Logstash to load data to some indices in my cluster.
It seems that my configuration is not working correctly, I’m receiving the following error :
“no permissions for indices:data/write/bulk”

My configuration :

  • ES 2.3.3

  • search-guard-2-2.3.3.6

  • search-guard-ssl-2.3.3.16

  • logstash configuration :
    hosts => [“http://server1:9203”,“http://server2:9203”]
    index => “%{[@metadata][indexname]}”
    document_id => “%{[@metadata][generated_id]}”
    document_type => “%{type}”
    manage_template => “false”
    user => “my_account”
    password => “my_password”
    %{[@metadata][indexname]} could be indice1-yy-mm, indice2-yy-mm,indice3-yy-mm

  • role :
    sg_logstash:
    indices:
    ‘indice1-’:
    '
    ’:
    - CRUD
    - CREATE_INDEX
    ‘indice2-’:
    '
    ’:
    - CRUD
    - CREATE_INDEX
    ‘indice3-’:
    '
    ’:
    - CRUD
    - CREATE_INDEX

Thanks for your help

I forgot 1 information : it works with the following permission :
sg_logstash:
indices:
’:
'
’:
- CRUD
- CREATE_INDEX