Search guard configuration question

elastic version=6.6.1

search guard version=24.1

searchguard kibana version=18.1

I am facing this issue and I have not managed to resolve it:

elasticsearch_1 | [2019-03-12T12:09:26,517][INFO ][c.f.s.p.PrivilegesEvaluator] [qQekPb0] No index-level perm match for User [name=logstash, roles=[logstash], requestedTenant=null] Resolved [aliases=[], indices=[my_index], allIndices=[my_index], types=[*], isAll()=false, isEmpty()=false] [Action [indices:admin/create]] [RolesChecked [sg_own_index, sg_logstash]]
elasticsearch_1 | [2019-03-12T12:09:26,523][INFO ][c.f.s.p.PrivilegesEvaluator] [qQekPb0] No permissions for [indices:admin/create]
logstash_1 | [2019-03-12T12:09:26,739][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
logstash_1 | [2019-03-12T12:09:26,741][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
logstash_1 | [2019-03-12T12:09:26,744][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:admin/create] and User [name=logstash, roles=[logstash], requestedTenant=null]"})
logstash_1 | [2019-03-12T12:09:26,744][INFO ][logstash.outputs.elasticsearch] Retrying individual bulk actions that failed or were rejected by the previous bulk request. {:count=>3}

logstash.conf → https://pastebin.com/raw/RpseY5Et
filebeat.yml → https://pastebin.com/raw/7Zm869Ww
sg_roles.yml → https://pastebin.com/raw/vmV2kuE8

Any ideas what might be wrong?

The index name in your roles definition is not correct. According to the error message the index is called:

my_index

(with an underscore)

But in the logstash role you have:

'my-index':
  '*':
    - CRUD
    - CREATE_INDEX

(with a dash)

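Added example, not part of the original thread and not Search Guard code: a small Python check that reads the PrivilegesEvaluator denial line and compares the resolved index names against a role's index patterns, flagging a near-miss such as the dash/underscore mix-up diagnosed above. `ROLE_INDEX_PATTERNS` is a hand-written stand-in for sg_roles.yml holding only the pattern quoted in the answer, and `fnmatchcase` is assumed to approximate Search Guard's wildcard matching.

```python
import re
from difflib import get_close_matches
from fnmatch import fnmatchcase

# Sample input: the PrivilegesEvaluator line from the post (container prefix dropped).
LOG_LINE = (
    "[2019-03-12T12:09:26,517][INFO ][c.f.s.p.PrivilegesEvaluator] [qQekPb0] "
    "No index-level perm match for User [name=logstash, roles=[logstash], "
    "requestedTenant=null] Resolved [aliases=[], indices=[my_index], "
    "allIndices=[my_index], types=[*], isAll()=false, isEmpty()=false] "
    "[Action [indices:admin/create]] [RolesChecked [sg_own_index, sg_logstash]]"
)

# Assumption: stand-in for sg_roles.yml; only the pattern quoted in the answer.
ROLE_INDEX_PATTERNS = {"sg_logstash": ["my-index"]}

DENIED = re.compile(
    r"No index-level perm match for User \[name=(?P<user>[^,\]]+)"
    r".*?\bindices=\[(?P<indices>[^\]]*)\]"
    r".*?\[Action \[(?P<action>[^\]]+)\]\]"
    r".*?\[RolesChecked \[(?P<roles>[^\]]*)\]\]"
)

def _split(csv):
    return [item.strip() for item in csv.split(",") if item.strip()]

def parse_denial(line):
    """Return user, indices, action and checked roles, or None if no match."""
    m = DENIED.search(line)
    if m is None:
        return None
    return {"user": m["user"], "indices": _split(m["indices"]),
            "action": m["action"], "roles": _split(m["roles"])}

def explain(line, role_patterns):
    """List (index, action, closest_pattern) for indices no checked role covers."""
    denial = parse_denial(line)
    if denial is None:
        return []
    patterns = [p for r in denial["roles"] for p in role_patterns.get(r, [])]
    findings = []
    for index in denial["indices"]:
        if any(fnmatchcase(index, p) for p in patterns):
            continue  # index is covered; the gap would be in the allowed actions
        near = get_close_matches(index, patterns, n=1, cutoff=0.8)
        findings.append((index, denial["action"], near[0] if near else None))
    return findings

if __name__ == "__main__":
    for index, action, near in explain(LOG_LINE, ROLE_INDEX_PATTERNS):
        print(f"{action} denied on '{index}': no pattern matches; closest is {near!r}")
```
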