使用只读rest插件访问logstash
[英]logstash access with readonly rest plugin
问题描述
we have a problem with the readonly rest plugin for elasticsearch: we don't get logstash running when the plugin is enabled.
我们对 elasticsearch 的 readonly rest 插件有一个问题:启用插件后,我们没有运行 logstash。 We use logstash with filebeat.我们将 logstash 与 filebeat 一起使用。 Can this be the problem?这可能是问题吗? The logstash config is below. logstash 配置如下。 The error message:错误信息:
[401] Forbidden {:class=>"Elasticsearch::Transport::Transport::Errors::Unauthorized", :level=>:error}
In elasticsearch we have defined the roles as you see below.在 elasticsearch 中,我们定义了如下所示的角色。
readonlyrest:
enable: true
response_if_req_forbidden: <h1>Forbidden</h1>
access_control_rules:
- name: Developer (reads only logstash indices, but can create new charts/dashboards)
auth_key: dev:dev
type: allow
kibana_access: ro+
indices: ["<no-index>", ".kibana*", "logstash*", "default"]
- name: Kibana Server (we trust this server side component, full access granted via HTTP authentication)
auth_key: admin:passwd1
type: allow
- name: "Logstash can write and create its own indices"
auth_key: logstash:logstash
type: allow
actions: ["cluster:*", "indices:data/read/*","indices:data/write/*","indices:admin/*"]
indices: ["logstash*", "filebeat-*", "<no_index>"]
the logstash config:
output{
elasticsearch {
hosts => ["localhost:9200"]
manage_template => true
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
document_id => "%{fingerprint}"
user => ["logstash"]
password => ["logstash"]
}
}
1 个解决方案
解决方案1
1 已采纳 2016-06-02 13:31:48
I believe you are not giving logstash the ability to create indexes with your setup.我相信您没有赋予 logstash 使用您的设置创建索引的能力。 It can write and read, but I am not seeing create.它可以读写,但我没有看到创建。
From the example of the website, can you change your logstash config to:从网站的示例中,您可以将您的 logstash 配置更改为:
- name: "Logstash can write and create its own indices"
auth_key: logstash:logstash
type: allow
actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
indices: ["logstash-*", "<no_index>"]
This setup works for me.这个设置对我有用。
I don't think it has anything to do with filebeat since the output doesn't actually talk to filebeat anymore?我认为它与 filebeat 没有任何关系,因为输出实际上不再与 filebeat 对话了? But then again, I am using file inputs instead.但话又说回来,我改用文件输入。
Hope that solves the issue.希望能解决问题。
Artur阿图尔
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.