I’m using native authentication for my Elasticsearch cluster.
I would like to create a user with the least privileges necessary for Graylog to function.
In another post I found:
Graylog needs to be able to create indices and do all housekeeping on them
So I created Elasticsearch role for graylog user as below:
“indices” : [
“privileges” : [ “all” ]
and assign role to user.
After starting Graylog I can see in logs:
ERROR [Cluster] Couldn’t read cluster health for indices [graylog_*, gl-events_*, gl-system-events_*]
When I assign superuser role to graylog user everything works perfect.
Have graylog user need any other privileges? Which exactly?