Metricbeat User Permission

#1

Hi,
I am trying to create an user for metricbeat for sending metrics to elasticsearch with limited access (creating the metricbeat indices and adding logs into it). I am getting this error after configuring the metricbeat user:
Exiting: Error importing Kibana dashboards: fail to create the Elasticsearch loader: Error creating Elasticsearch client: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://elk-central.noodle.ai:9200: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=metricbeat-client, roles=[metricbeat-client], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=metricbeat-client, roles=[metricbeat-client], requestedTenant=null]"},"status":403}]

The configuration for role:

My metricbeat.yml file is:

metricbeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    # Reload module configs as they change:
    reload.enabled: false

metricbeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true

metricbeat.modules:
  - module: docker
    metricsets:
      - "container"
      - "cpu"
      - "diskio"
      - "healthcheck"
      - "info"
      #- "image"
      - "memory"
      - "network"
    hosts: ["unix:///var/run/docker.sock"]
    period: 10s
    enabled: true

tags: ["${ES_IDENTIFIER}"]

processors:
  - add_cloud_metadata: ~
  - add_host_metadata: ~


output.elasticsearch:
  hosts: ["https://${ELK_HOST}:9200"]
  index: "metricbeat-${ES_IDENTIFIER}-%{+yyyy.MM.dd}"
  username: ${METRICBEAT_USER}
  password: ${METRICBEAT_PASSWORD}
  ssl.certificate_authorities: ["/crts/certificate.crt"]
 
setup.template.name: "metricbeat-${ES_IDENTIFIER}"
setup.template.pattern: "metricbeat-${ES_IDENTIFIER}-*"


setup.kibana.host: "${ELK_HOST}:5601"
setup.kibana.protocol: "https"
setup.kibana.ssl.enabled: true
setup.kibana.ssl.verification_mode: full
setup.kibana.ssl.certificate_authorities: ["/crts/ca.pem"]
setup.dashboards.index: "metricbeat-${ES_IDENTIFIER}-*"
setup.dashboards.enabled: true

Please help…

For now I am pushing metrics using admin user.

#2

Can anyone help me out with this?

#3

Solved it.

Current user configuration:

#4

@Nishant from the screenshots it looks like you have configured cluster level permissions. Can you share what your “Index Permissions” are?

#5

@elifish

#6

Can you add CLUSTER_MONITOR to your cluster permissions?

Metrics Beats may also be trying to create index templates so could you try adding the following to the cluster permissions?

  • indices:admin/template/get
  • indices:admin/template/put

On your index permissions can you use CRUD and CREATE INDEX?

1 Like
#7

It worked… Thanks.
So my cluster level permission containes CLUSTER_MONITOR, INDICES_ALL and index level permission containes CRUD, CREATE_INDEX, indices:admin/template/get and *indices:admin/template/put

#8

That looks right. You should be able to drop INDICES_ALL from the cluster level permissions since you have the specific indices:admin/template/get and indices:admin/template/put explicitly defined.

#9

Yes, it is working fine…