WARNING: Version 6.1 of Filebeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Granting Users Access to Filebeat Indices
editGranting Users Access to Filebeat Indices
editTo enable users to access the indices a Filebeat creates, grant them read
and view_index_metadata
privileges on the Filebeat indices:
-
Create a role that has the
read
andview_index_metadata
privileges for the Filebeat indices. You can create roles from the Management > Roles UI in Kibana or through therole
API. For example, the following request creates afilebeat_reader
role: -
Assign your users the reader role so they can access the Filebeat indices:
-
If you’re using the
native
realm, you can assign roles with the Management > Users UI in Kibana or through theuser
API. For example, the following request grantsfilebeat_user
thefilebeat_reader
role:POST /_xpack/security/user/filebeat_user { "password" : "x-pack-test-password", "roles" : [ "filebeat_reader"], "full_name" : "Filebeat User" }
-
If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the
role_mapping.yml
configuration file. For example, the following snippet grantsFilebeat User
thefilebeat_reader
role:filebeat_reader: - "cn=Filebeat User,dc=example,dc=com"
For more information, see Using Role Mapping Files.
-