WARNING: Version 6.1 of Filebeat has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

« Configuring Authentication Credentials for Filebeat Configuring Filebeat to use Encrypted Connections »

› › ›

Granting Users Access to Filebeat Indices

edit

Granting Users Access to Filebeat Indices

edit

To enable users to access the indices a Filebeat creates, grant them read and view_index_metadata privileges on the Filebeat indices:

Create a role that has the read and view_index_metadata privileges for the Filebeat indices. You can create roles from the Management > Roles UI in Kibana or through the role API. For example, the following request creates a filebeat_reader role:
```
POST _xpack/security/role/filebeat_reader
{
  "indices": [
    {
      "names": [ "filebeat-*" ], 
      "privileges": ["read","view_index_metadata"]
    }
  ]
}
```
If you use a custom Filebeat index pattern, specify that pattern instead of the default filebeat-* pattern.
Assign your users the reader role so they can access the Filebeat indices:
1. If you’re using the native realm, you can assign roles with the Management > Users UI in Kibana or through the user API. For example, the following request grants filebeat_user the filebeat_reader role:
```
POST /_xpack/security/user/filebeat_user
{
  "password" : "x-pack-test-password",
  "roles" : [ "filebeat_reader"],
  "full_name" : "Filebeat User"
}
```
2. If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the role_mapping.yml configuration file. For example, the following snippet grants Filebeat User the filebeat_reader role:
```
filebeat_reader:
  - "cn=Filebeat User,dc=example,dc=com"
```
  For more information, see Using Role Mapping Files.

« Configuring Authentication Credentials for Filebeat Configuring Filebeat to use Encrypted Connections »