Hi Kazmi,
First of all and to avoid the Forbidden message, you have to assign the kibana_user role to the user you created.
To do it go to Security > Roles > kibana_user and assign the role to the user.
With that role, your user will be able to log in Kibana, but he won't be able to see the Kibana dashboards.
After that, you will need to create a custom role. This custom role will include permissions to see the index wazuh-*. That way the user will be able to see the dashboards corresponding to that index.
In order to see events from a specific agent, you will have to include a Document Level Security specification when creating the custom role.
In the image attached can see the new role index permissions and document level security.
The document level security is:
{
"bool": {
"must": {
"match": {
}
}
}
}
which indicates the documents (events) shown with this role are the documents with
agent.name = your specific agent name.
Assign the new role to the user following the same steps indicated to assign kibana_user and that user will only see events from the agent you specified.
I hope this helps, let me know if you have more questions!