Siren Platform User Guide

Security exception while using Search Guard

For example, this message:

p-f45016r31z8-yok6hzhmmii: [security_exception] no permissions for indices:data/read/search :: {\"path\":\"/logstash-2017.09.22/_search\"    ,\"query\":{},\"body\":\"{}\",\"statusCode\":403,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\    \\",\\\"reason\\\":\\\"no permissions for indices:data/read/search\\\"}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"no pe    rmissions for indices:data/read/search\\\"},\\\"status\\\":403}\"}"}

It says Siren Alert cannot read indices:data/read/search the logstash-2017.09.22 index. Ensure you have the following role for logstash-* indices in sg_roles.yml:

# For the kibana server
sg_kibana_server:
  indices:
    'logstash-*':
      '*':
       - indices:data/read/search

Do not forget to apply Search Guard configuration change using sgadmin.sh.