diff --git a/CHANGELOG.md b/CHANGELOG.md index 909d578c..61e85778 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ - Update setup.py & requirements.txt & requirements-dev.txt - [#1316](https://github.com/jertel/elastalert2/pull/1316) - @nsano-rururu - [Docs] Clarify how to reference query_key values in flatline alerts - [#1320](https://github.com/jertel/elastalert2/pull/1320) - @jertel - Fix percentiles aggregation type in Spike Metric Aggregation rules - [#1323](https://github.com/jertel/elastalert2/pull/1323) - @jertel +- [Docs] Extend FAQ / troubleshooting section with information on Elasticsearch RBAC - [#1324](https://github.com/jertel/elastalert2/pull/1324) - @chr-b # 2.15.0 diff --git a/docs/source/recipes/faq.rst b/docs/source/recipes/faq.rst index 60b467d1..8499eaa0 100644 --- a/docs/source/recipes/faq.rst +++ b/docs/source/recipes/faq.rst @@ -37,6 +37,13 @@ to use ``foo.raw``. If you are still having trouble troubleshooting why your doc try running ElastAlert 2 with ``--es_debug_trace /path/to/file.log``. This will log the queries made to Elasticsearch in full so that you can see exactly what is happening. +Finally, but very important, if you have enabled role-based access control in Elasticsearch: make +sure that the Elasticsearch user used by ElastAlert actually has the privileges to access the +index (at least ``read`` permission). See +[ES documentation page](https://www.elastic.co/guide/en/elasticsearch/reference/current/authorization.html) +on the topic of user authorization. + + I got hits, why didn't I get an alert? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -515,4 +522,4 @@ Yelp, the developer of the original elastalert, has the following article on its `ElastAlert: Alerting At Scale With Elasticsearch, Part 1 `_. -`ElastAlert: Alerting At Scale With Elasticsearch, Part 2 `_. \ No newline at end of file +`ElastAlert: Alerting At Scale With Elasticsearch, Part 2 `_.
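Review bot: In the docs/source/recipes/faq.rst hunk at @@ -37,6 +37,13 @@, the added link uses Markdown syntax, `[ES documentation page](https://www.elastic.co/guide/en/elasticsearch/reference/current/authorization.html)`, but the file is reStructuredText, so it will render literally rather than as a hyperlink; use the rst form already used elsewhere in this file, e.g. ``` `ES documentation page <https://www.elastic.co/guide/en/elasticsearch/reference/current/authorization.html>`_ ```. Two smaller points in the same hunk: the surrounding context consistently says "ElastAlert 2" (see "try running ElastAlert 2 with ``--es_debug_trace``" two lines above), so "the Elasticsearch user used by ElastAlert" should match, and the two added trailing blank lines plus the existing one leave three blank lines before the "I got hits, why didn't I get an alert?" heading where the rest of the file uses one.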