Elasticsearch role for Graylog

gorek · February 2, 2021, 5:17pm

I’m using native authentication for my Elasticsearch cluster.
I would like to create a user with the least privileges necessary for Graylog to function.
In another post I found:

Graylog needs to be able to create indices and do all housekeeping on them

So I created Elasticsearch role for graylog user as below:

POST _security/role/graylog_user
{
“indices” : [
{
“names”: [“graylog_*”,“gl-*”],
“privileges” : [ “all” ]
}
]
}

and assign role to user.
After starting Graylog I can see in logs:

ERROR [Cluster] Couldn’t read cluster health for indices [graylog_*, gl-events_*, gl-system-events_*]

When I assign superuser role to graylog user everything works perfect.
Have graylog user need any other privileges? Which exactly?

jan · February 4, 2021, 8:01pm

gorek · February 9, 2021, 9:22pm

Good example is better than 1000 words
My user had lacked permission for cluster.
After adding cluster privileges “monitor” and “manage_index_templates” everything works

Thank you for help Jan

system · February 23, 2021, 9:23pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch permissions Graylog Central (peer support)	1	513	September 2, 2020
Elasticsearch user permissions Graylog Central (peer support)	3	792	July 5, 2019
OpenSearch security example for Graylog Graylog Central (peer support)	5	1578	March 22, 2023
Unusual behaviour while using elasticsearch non super user Graylog Central (peer support)	5	1010	August 12, 2019
AWS Elasticsearch Graylog Central (peer support)	1	754	January 29, 2020

Elasticsearch role for Graylog

Related topics