elastic version=6.6.1
search guard version=24.1
searchguard kibana version=18.1
I am facing this issue and I have not managed to resolve it
elasticsearch_1 | [2019-03-12T12:09:26,517][INFO ][c.f.s.p.PrivilegesEvaluator] [qQekPb0] No index-level perm match for User [name=logstash, roles=[logstash], requestedTenant=null] Resolved [aliases=[], indices=[my_index], allIndices=[my_index], types=[*], isAll()=false, isEmpty()=false] [Action [indices:admin/create]] [RolesChecked [sg_own_index, sg_logstash]]
elasticsearch_1 | [2019-03-12T12:09:26,523][INFO ][c.f.s.p.PrivilegesEvaluator] [qQekPb0] No permissions for [indices:admin/create]
logstash_1 | [2019-03-12T12:09:26,739][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
logstash_1 | [2019-03-12T12:09:26,741][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
logstash_1 | [2019-03-12T12:09:26,744][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
logstash_1 | [2019-03-12T12:09:26,744][INFO ][logstash.outputs.elasticsearch] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>3}
logstash.conf → https://pastebin.com/raw/RpseY5Et
filebeat.yml → https://pastebin.com/raw/7Zm869Ww
sg_roles.yml → https://pastebin.com/raw/vmV2kuE8
any ideas what it might be wrong?
The index name in your roles definition is not correct. According to the error message the index is called:
my_index
(with an underscore)
But in the logstash role you have;
‘my-index’:
‘*’:
- CRUD
- CREATE_INDEX
(with a dash)
···
On Tuesday, March 12, 2019 at 1:19:13 PM UTC+1, marketing.vyrona@gmail.com wrote:
elastic version=6.6.1
search guard version=24.1
searchguard kibana version=18.1
I am facing this issue and I have not managed to resolve it
elasticsearch_1 | [2019-03-12T12:09:26,517][INFO ][c.f.s.p.PrivilegesEvaluator] [qQekPb0] No index-level perm match for User [name=logstash, roles=[logstash], requestedTenant=null] Resolved [aliases=[], indices=[my_index], allIndices=[my_index], types=[*], isAll()=false, isEmpty()=false] [Action [indices:admin/create]] [RolesChecked [sg_own_index, sg_logstash]]
elasticsearch_1 | [2019-03-12T12:09:26,523][INFO ][c.f.s.p.PrivilegesEvaluator] [qQekPb0] No permissions for [indices:admin/create]
logstash_1 | [2019-03-12T12:09:26,739][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
logstash_1 | [2019-03-12T12:09:26,741][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
logstash_1 | [2019-03-12T12:09:26,744][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
logstash_1 | [2019-03-12T12:09:26,744][INFO ][logstash.outputs.elasticsearch] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>3}
logstash.conf → https://pastebin.com/raw/RpseY5Et
filebeat.yml → https://pastebin.com/raw/7Zm869Ww
sg_roles.yml → https://pastebin.com/raw/vmV2kuE8
any ideas what it might be wrong?