Metricbeat User Permission

Hi,
I am trying to create an user for metricbeat for sending metrics to elasticsearch with limited access (creating the metricbeat indices and adding logs into it). I am getting this error after configuring the metricbeat user:
Exiting: Error importing Kibana dashboards: fail to create the Elasticsearch loader: Error creating Elasticsearch client: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://elk-central.noodle.ai:9200: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=metricbeat-client, roles=[metricbeat-client], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=metricbeat-client, roles=[metricbeat-client], requestedTenant=null]"},"status":403}]

The configuration for role:

My metricbeat.yml file is:

metricbeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    # Reload module configs as they change:
    reload.enabled: false

metricbeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true

metricbeat.modules:
  - module: docker
    metricsets:
      - "container"
      - "cpu"
      - "diskio"
      - "healthcheck"
      - "info"
      #- "image"
      - "memory"
      - "network"
    hosts: ["unix:///var/run/docker.sock"]
    period: 10s
    enabled: true

tags: ["${ES_IDENTIFIER}"]

processors:
  - add_cloud_metadata: ~
  - add_host_metadata: ~


output.elasticsearch:
  hosts: ["https://${ELK_HOST}:9200"]
  index: "metricbeat-${ES_IDENTIFIER}-%{+yyyy.MM.dd}"
  username: ${METRICBEAT_USER}
  password: ${METRICBEAT_PASSWORD}
  ssl.certificate_authorities: ["/crts/certificate.crt"]
 
setup.template.name: "metricbeat-${ES_IDENTIFIER}"
setup.template.pattern: "metricbeat-${ES_IDENTIFIER}-*"


setup.kibana.host: "${ELK_HOST}:5601"
setup.kibana.protocol: "https"
setup.kibana.ssl.enabled: true
setup.kibana.ssl.verification_mode: full
setup.kibana.ssl.certificate_authorities: ["/crts/ca.pem"]
setup.dashboards.index: "metricbeat-${ES_IDENTIFIER}-*"
setup.dashboards.enabled: true

Please help…

For now I am pushing metrics using admin user.

Can anyone help me out with this?

Solved it.

Current user configuration:

@Nishant from the screenshots it looks like you have configured cluster level permissions. Can you share what your “Index Permissions” are?

@elifish

Can you add CLUSTER_MONITOR to your cluster permissions?

Metrics Beats may also be trying to create index templates so could you try adding the following to the cluster permissions?

  • indices:admin/template/get
  • indices:admin/template/put

On your index permissions can you use CRUD and CREATE INDEX?

1 Like

It worked… Thanks.
So my cluster level permission containes CLUSTER_MONITOR, INDICES_ALL and index level permission containes CRUD, CREATE_INDEX, indices:admin/template/get and *indices:admin/template/put

That looks right. You should be able to drop INDICES_ALL from the cluster level permissions since you have the specific indices:admin/template/get and indices:admin/template/put explicitly defined.

Yes, it is working fine…

Nishant,

Were you able to import Elasticsearch dashboards into Kabana for Metricbeat?

I am unable to visualize my metricbeat-* data in Kibana.

There appears to be no Elasticsearch Dashboards after installing metricbeat-oss-7.3.2-amd64.deb

Can anyone Advise?

Can you share your metricbeat.yml file?

You should load dashboards from metricbeat
.\metricbeat.exe setup --dashboards
It will load all dashboards from metricbeat-7.3.2-windows-x86_64\kibana\7 folder
https://www.elastic.co/guide/en/beats/metricbeat/current/load-kibana-dashboards.html

Thanks for the response,

As I have shared in this topic, I have done all that you have suggested.

Unfortunately there does not appear to be dashboards specifically for Elasticsearch. That is the core question. I have (1) enabled the Metrobeat Elasticsearch module, (2) I am receiving the data into a metrobeat-* index in Elasticsearch, but (3) there are no Dashboards to visualize Elasticsearch metric data, Only dashboards for the system module.

The Link you sent is useless because I installed the OSS version. So I am trying to understand why I there are no Elasticsearch dashboards anywhere!

It’s cuz Elasticsearch metrics comes without a predefined dashboards and visualization .

Hi Elifish,

It looks like this permission doesnt work on ODFE 7.10.2. I am creating permissions for metricbeats but this doesnt work. Could you please confirm this?