Audit_request_privilege indices:admin/mapping/auto_put

Attempting to post data from rsyslog to Elasticsearch, the security-auditlog index fills up with entries listing a missing privilege:

audit_request_privilege  indices:admin/mapping/auto_put

However, I can’t give that privilege to the login ID using Kibana, because Kibana says there’s no such privilege.

  • If you want to use Kibana I think you should be able to create an Action Group (Permissions → Create action group) with the permission and then add the action group to the role.
  • Alternatively you should be able to use the API.
  • As a third and worst alternative you could add indices:admin/mapping/* to the role.

Hi @meta did you manage to resolve the permission issue using above mentioned method?