logstash_internal user unauthorized on custom indices #687
Comments
@pkral3 thanks for reporting 👍 May I ask what indices you are writing to? The default role has permissions on the following indices:
|
Custom indices that were ok before logstash_internal are not writeable now.

    filter {
      if [app_id] == "process1" {
        grok {
          match => { "message" => "\[%{TIMESTAMP_ISO8601:logtimestamp}\] \[%{LOGLEVEL:loglevel}%{SPACE}\] \[%{GREEDYDATA:hostname}\] \[%{GREEDYDATA:environment}\] \[%{GREEDYDATA:project}\] \[%{GREEDYDATA:jobname}_%{GREEDYDATA:jobversion}\] \[%{GREEDYDATA:transaction}\] - %{GREEDYDATA:logmessage}" }
        }
        # create an elasticsearch index per month
        mutate { add_field => { "esIndex" => "process1-%{+YYYY.MM}" }}
      }
    }

process1 index even existing from before with data in ELK, is not writeable with logstash_internal user (until it has not the role as elastic user has). It worked ok before, nok with 8.0.1 just with update.

edit: formatting (@antoineco) |
@pkral3 OK that's expected because Obviously, we can not anticipate all the indices names that end users are going to target. I can recommend a few options:
|
So there is no solution just to update, build and up -d as before now. |
There is, but only if you don't use custom indices. Are you suggesting that we make The README is quite clear about docker-elk being a template. It is expected that users will use their own pipelines and configurations, and configure their users accordingly. We can't be a one-size-fits-all. |
Closing because I think the question has been answered. To sum it up:
|
The new logstash_internal user in configs cannot write on indices in runtime (v8.0.1):
Solution: In ELK in Stack Management/Users assign to "logstash_internal" user the role as for "elastic" user
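
An added example, not part of the thread or of the docker-elk project's code: a sketch that checks whether a role's index patterns authorize the monthly `process1-YYYY.MM` indices from the pipeline in this thread, and builds a narrower role body for the Elasticsearch create-role API as an alternative to giving `logstash_internal` the `elastic` user's role. The baseline role contents, the privilege list, the function names and the shell-style wildcard matching are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Privileges needed to create and write an index (assumed list for illustration).
WRITE_PRIVS = {"create_index", "write"}

# Constructed baseline role that only covers logstash-* (assumption, not docker-elk's file).
BASELINE_ROLE = {
    "cluster": ["monitor"],
    "indices": [{"names": ["logstash-*"], "privileges": ["write", "create_index"]}],
}

def can_write(role, index_name):
    """True if some indices entry matches index_name and grants all WRITE_PRIVS."""
    for entry in role.get("indices", []):
        granted = set(entry.get("privileges", []))
        if "all" in granted:
            granted |= WRITE_PRIVS
        if not WRITE_PRIVS <= granted:
            continue
        # Simplification: treat name patterns as shell-style wildcards (* and ?).
        if any(fnmatchcase(index_name, pat) for pat in entry.get("names", [])):
            return True
    return False

def extend_role(role, patterns):
    """Return a copy of role with one extra indices entry limited to patterns."""
    extended = json.loads(json.dumps(role))  # deep copy, leaves the input untouched
    extended["indices"].append(
        {"names": sorted(patterns), "privileges": sorted(WRITE_PRIVS)}
    )
    return extended

def uncovered(role, index_names):
    """Index names the role would not be allowed to write to."""
    return [n for n in index_names if not can_write(role, n)]

if __name__ == "__main__":
    # Constructed sample targets: one default-style index, one from the custom pipeline.
    targets = ["logstash-2022.03.01", "process1-2022.03"]
    print("denied before:", uncovered(BASELINE_ROLE, targets))
    custom = extend_role(BASELINE_ROLE, {"process1-*"})
    print("denied after:", uncovered(custom, targets))
    # Request body for: PUT /_security/role/<role name of your choice>
    print(json.dumps(custom, indent=2))
```

The extended role still denies indices outside `logstash-*` and `process1-*`, which is the difference from assigning a superuser role to the pipeline account.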