Grant privileges and roles needed for monitoring
editGrant privileges and roles needed for monitoring
editElasticsearch security features provides built-in users and roles for monitoring. The privileges and roles needed depend on the method used to collect monitoring data.
Important note for Elastic Cloud users
Built-in users are not available when running our hosted Elasticsearch Service on Elastic Cloud. To send monitoring data securely, create a monitoring user and grant it the roles described in the following sections.
-
If you’re using internal collection to collect metrics about Functionbeat, Elasticsearch security features provides the
beats_systembuilt-in user andbeats_systembuilt-in role to send monitoring information. You can use the built-in user, if it’s available in your environment, or create a user who has the privileges needed to send monitoring information.If you use the
beats_systemuser, make sure you set the password.If you don’t use the
beats_systemuser:-
Create a monitoring role, called something like
functionbeat_monitoring, that has the following privileges:Type Privilege Purpose Cluster
monitorRetrieve cluster details (e.g. version)
Index
create_indexon.monitoring-beats-*indicesCreate monitoring indices in Elasticsearch
Index
create_docon.monitoring-beats-*indicesWrite monitoring events into Elasticsearch
-
Assign the monitoring role, along with the following built-in roles, to users who need to monitor Functionbeat:
Role Purpose kibana_adminUse Kibana
monitoring_userUse Stack Monitoring in Kibana to monitor Functionbeat
-