-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Ouput api key do not need metricbeat* access #60319
[Fleet] Ouput api key do not need metricbeat* access #60319
Conversation
Pinging @elastic/ingest-management (Feature:EPM) |
@michalpristas any news on that it is still needed by metricbeat? |
i was fixing some other things so besides it looks like it's coming from default elastic output, i dont have any information, configuration for filebeat and metricbeat looks the same, so metricbeat is maybe sending something outside of predefined set of metrics which is then stored into default index, but this is just me speculating, i dont have it verified |
Just tried it on my end and the metrics sent up are some system metrics. I assume it has to do with the config that is sent to metricbeat and some defaults are enabled. Is there a place where I can see the config which is sent to Metricbeat to be run? |
I think I found the problem. In metricbeat there is the file modules.d/system.yml which is enabled by default. If I remove this file, also the metricbeat index is not created anymore. I think it is important that agent removes all the "default magic" from Metricbeat. |
thanks for investigation @ruflin, i will take a look waht agent can do about that ideally some systematic solution |
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
* master: (44 commits) [Alerting] add alerting privileges for uptime and metrics (elastic#61113) Update percy agent to latest version (elastic#62089) [APM] Update central configuration text (elastic#61556) [Fleet] Ouput api key do not need metricbeat* access (elastic#60319) Document new `xpack.security.authc.*` settings and related 8.0.0 breaking changes. (elastic#61443) Migrate test plugins ⇒ NP (kbn_tp_sample_panel_action) (elastic#60749) [Alerting] Add "Start trial" button for connectors (elastic#61774) [ML] Transforms: Fix handling of default and advanced search on step summary view. (elastic#61799) [Task Manager] Change info message "ran out Available Workers" to debug (elastic#62083) [Maps] Highlight selected layer in TOC (elastic#61510) ensure pageIndex is set correclty in analytics list (elastic#62041) [ML] Functional API tests - fix mml request bodies (elastic#62116) Fix validation for index threshold when selecting an index (elastic#61615) [SIEM][Detection Engine] Adds release notes link and updates one UI section [backport] Bump to 5.1.2 (elastic#62117) [APM] .apm-agent-configuration is not created if Kibana is started while ES is not ready (elastic#61610) [Fleet] Enrollment list page (elastic#61346) [ML] Fix maximum default enabled columns for data grid. (elastic#62005) [Home][Tutorial] Add Oracle data UI (elastic#61595) [APM] Ensure telemetry data matches SO/telemetry mapping (elastic#61957) ...
Summary
Typo introduced here #60094
The fleet output API key that is used by agent and process launched by fleet agent (filebeat, metricbeat) should only have access to
metrics-*
,events-*
,logs-*
indices.