This functionality is experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support SLA of official GA features.
« Configure authentication credentials Configure Journalbeat to use encrypted connections »
Elastic Docs Journalbeat Reference [6.7] Securing Journalbeat Configure Journalbeat to use X-Pack security

Grant users access to Journalbeat indices

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Grant users access to Journalbeat indices

edit

To enable users to access the indices Journalbeat creates, grant them read and view_index_metadata privileges on the Journalbeat indices. If they’re using Kibana, they also need the kibana_user role.

  1. Create a reader role that has the read and view_index_metadata privileges on the Journalbeat indices.

    You can create roles from the Management > Roles UI in Kibana or through the role API. For example, the following request creates a role named journalbeat_reader:

    POST _xpack/security/role/journalbeat_reader
{
  "indices": [
    {
      "names": [ "journalbeat-*" ], 
      "privileges": ["read","view_index_metadata"]
    }
  ]
}

    If you use a custom Journalbeat index pattern, specify that pattern instead of the default journalbeat-* pattern.

  2. Assign your users the reader role so they can access the Journalbeat indices. For Kibana users who need to visualize the data, also assign the kibana_user role:

    1. If you’re using the native realm, you can assign roles with the Management > Users UI in Kibana or through the user API. For example, the following request grants journalbeat_user the journalbeat_reader and kibana_user roles:

      POST /_xpack/security/user/journalbeat_user
{
  "password" : "YOUR_PASSWORD",
  "roles" : [ "journalbeat_reader","kibana_user"],
  "full_name" : "Journalbeat User"
}

    2. If you’re using the LDAP, Active Directory, or PKI realms, you assign the roles in the role_mapping.yml configuration file. For example, the following snippet grants Journalbeat User the journalbeat_reader and kibana_user roles:

      journalbeat_reader:
  - "cn=Journalbeat User,dc=example,dc=com"
kibana_user:
  - "cn=Journalbeat User,dc=example,dc=com"

      For more information, see Using Role Mapping Files.

« Configure authentication credentials Configure Journalbeat to use encrypted connections »