I ask because so far I am failing to see why are some APIs allowed, some disallowed and some live in gray area between. The best example of “gray area” API is /system/indices/index_sets?stats=true executed as user with “Reader” role, which gives the following output:
By one hand graylog tells my user that there are no index sets configured… but at the same time it says there are 4 index sets with these IDs and this many documents.
I do recall there being an issue similar to what you’re seeing in GitHub - Graylog2/graylog2-server: Free and open source log management at one point and I could swear that our developers have already fixed it, though I can’t immediately recall if that’s the case. That said though, you can view exactly what permissions the Reader role has by using the API browser or the /authz/roles endpoint. Performing a GET yields the following info about the role:
Ha, so I assume that “partial” API response is because of “messagecount:read”.
That matches what I am observing nicely. I can read message counts, but nothing else.
Oh, you mean that the behavior I am seeing is unintentional?
Should I prepare for losing access to message counts, or for gaining access to index set names?
Purpose details
It is no big deal. I am actually (ab)using that value to get “rate of messages” per index set,
which can be obtained by querying the alias/reflector in ES and not the whole index set in Graylog.
It will be just an inconvenience to have this monitoring under “ES cluster” object instead of “graylog cluster”.