{
  "cluster": [
    "CLUSTER_MONITOR",
    "CLUSTER_COMPOSITE_OPS",
    "indices:admin/template/get",
    "indices:admin/template/put",
    "cluster:admin/ingest/pipeline/get",
    "cluster:admin/ingest/pipeline/put",
    "indices:admin/create"
  ],
  "indices": {
    "logstash-*": {
      "*": [ "CRUD", "CREATE_INDEX" ]
    },
    "a[0-9]{6}-events-*": {
      "*": [ "CRUD", "CREATE_INDEX", "indices:admin/create" ]
    },
    "*beat*": {
      "*": [ "CRUD", "CREATE_INDEX" ]
    }
  },
  "tenants": {}
}
elasticsearch {
  hosts => ["host1:9200","host2.81:9200"]
  flush_size => 4000
  index => "a%{application_id}-events-%{+YYYY.MM.dd}"
  document_type => "%{type}"
  document_id => "%{fingerprint}"
  ssl => true
  cacert => "/tmp/intermediate-ca.pem"
  user => "logstash"
  password => "logstash"
}
[2019-03-21T03:46:07,555][INFO ][c.f.s.p.PrivilegesEvaluator] [host1-ingest-node-0]No index-level perm match for User [name=logstash, roles=[logstash], requestedTenant=null] Resolved [aliases=[], indices=[a200067-events-2019.03.18], allIndices=[a200067-events-2019.03.18], types=[*], isAll()=false, isEmpty()=false] [Action [indices:admin/create]] [RolesChecked [sg_logstash, sg_own_index]]
[2019-03-21T03:46:07,555][INFO ][c.f.s.p.PrivilegesEvaluator] [host1-ingest-node-0]No permissions for [indices:admin/create]
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/37afb255-aff5-4bf7-876e-a39e8a86c46d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
<sg_action_groups.yml>
<sg_config.yml>
<sg_internal_users.yml>
<sg_roles_mapping.yml>
<sg_roles.yml>
starts with a%{application_id}-events-%{+YYYY.MM.dd}"
from logstash output section but logstash user doesn't have access. The logstash user only has access to indices starting with logstash and beats. Append the highlighted content below under the sg_logstash section in sg_roles.yaml.
sg_logstash:
Thanks Sundar.
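Added example, not part of the thread or Search Guard's own code: it parses the denial line from the log above and reports which of the role's index patterns cover the denied index. It assumes Search Guard treats a pattern as a regular expression only when it is enclosed in `/.../` and otherwise honours just `*` and `?` (check the documentation for the version in use); `REGEX_VARIANT` is a constructed value.

```python
import re

# Denied request copied from the PrivilegesEvaluator log line in the thread.
LOG_LINE = (
    "[2019-03-21T03:46:07,555][INFO ][c.f.s.p.PrivilegesEvaluator] [host1-ingest-node-0]"
    "No index-level perm match for User [name=logstash, roles=[logstash], requestedTenant=null] "
    "Resolved [aliases=[], indices=[a200067-events-2019.03.18], "
    "allIndices=[a200067-events-2019.03.18], types=[*], isAll()=false, isEmpty()=false] "
    "[Action [indices:admin/create]] [RolesChecked [sg_logstash, sg_own_index]]"
)
# Index patterns from the role JSON in the thread, plus a constructed /regex/ variant.
ROLE_PATTERNS = ["logstash-*", "a[0-9]{6}-events-*", "*beat*"]
REGEX_VARIANT = "/a[0-9]{6}-events-.*/"

DENIAL = re.compile(
    r"User \[name=(?P<user>[^,]+),.*?indices=\[(?P<indices>[^\]]*)\]"
    r".*?\[Action \[(?P<action>[^\]]+)\]\] \[RolesChecked \[(?P<checked>[^\]]*)\]\]"
)

def pattern_matches(pattern, index):
    """Assumed matcher: /.../ is a regex, anything else only honours * and ?."""
    if len(pattern) > 2 and pattern[0] == "/" and pattern[-1] == "/":
        return re.fullmatch(pattern[1:-1], index) is not None
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, index) is not None

def explain_denial(line, patterns):
    """Parse one denial line and list which role patterns cover each denied index."""
    m = DENIAL.search(line)
    if m is None:
        raise ValueError("not a PrivilegesEvaluator index-level denial")
    indices = [i.strip() for i in m["indices"].split(",") if i.strip()]
    return {
        "user": m["user"],
        "action": m["action"],
        "roles_checked": [r.strip() for r in m["checked"].split(",")],
        "coverage": {i: [p for p in patterns if pattern_matches(p, i)] for i in indices},
    }

if __name__ == "__main__":
    for pats in (ROLE_PATTERNS, ROLE_PATTERNS + [REGEX_VARIANT]):
        report = explain_denial(LOG_LINE, pats)
        for index, hits in report["coverage"].items():
            print(report["user"], report["action"], index, "->", hits or "no pattern matches")
```

An empty coverage list for an index means no pattern in the evaluated role grants index-level access to it under the assumed matching rules, which is the condition the `No index-level perm match` line reports.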