unauthorized for user [kibana_system] on wazuh-statistics

[Dimitri Fagart]

My Elastic / filebeat / kibana / wazuh seem's ti works.

I have curve in dashboard

But when passing elastic / kibana / filebeat to https I had a look in the log file and I have seen 2 errors (2 time the same) in kibana.log :

action [indices:admin/create] is unauthorized for user [kibana_system] with roles [kibana_system] on indices [wazuh-statistics-2023.13w], this action is granted by the index privileges [create_index,manage,all]

I am new to elastic / kibana...

I try to have a look in the users kibana_system roles autorization and did not see any right on *wazuh* ...

But this role kibana_system seem's to be locked ans not made to be modified...

Any avice to remove my error?

Thanks

[Miguel Casares]

Hello Dimitri,

The kibana_system user is meant to be used only by the Kibana application (i.e. configured in kibana.yml file) for system communication and doesn't have permissions over the wazuh-statistics file. I would recommend creating a new role with these permissions over the wazuh* indices and mapping it to the user-specified on the `kibana.yml` file. This file is located on <KIBANA_PATH>/config/kibana.yml. To do so, you can follow these steps:

- Create a role with all permissions over the wazuh* index pattern.

- Create a new internal user that extends the kibana_system user (this is, that uses the same role).

- Map the new role to the new user.

- Use this new user of the Kibana.yml file.

Reference: 
https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html
https://www.elastic.co/guide/en/kibana/current/kibana-role-management.html

I hope this helps, please don't hesitate to ask for help if you find any issues.