Logstash wont send x-pack monitor data to elasticsearch

[lordcosmos1978]

I setup logstash with authentication using a default user logstash and data is being pushed to my cluster correctly.

The only thing missing is x-pack monitor data for my logstash nodes.

Logstash keeps giving this error

[2019-03-26T13:50:40,586][ERROR][logstash.outputs.elasticsearch] Encountered a retryable error. Will Retry with exponential backoff {:code=>403, :url=>"http://client:9200/_xpack/monitoring/_bulk?system_id=logstash&system_api_version=2&interval=1s"}

I think I must give the logstash user the following cluster permission,"cluster:admin/xpack/monitoring*" but I am unable to select it in the searchguard kibana gui .

[Jochen Kressin]

In order to see which permission is missing for your role, please follow this guide here:

https://docs.search-guard.com/latest/troubleshooting-search-guard-permission

Regarding the config GUI: Yes, this is missing at the moment, and we have an issue at the moment with entering arbitrary values in the GUI. We are working on it. In the meantime you would need to use the REST API directly, or use sgadmin:

https://docs.search-guard.com/latest/rest-api-roles

Sorry for the inconvenience!