If I haven’t missed anything (Ill have a closer look) permisions and assumed roles looks all good.
Can you run a search in Dev Tools on syslog-* index?
something like:
GET /syslog-*_search
Do you get an expected result if not, what does the log say?
can you share the:
curl -XGET "http://localhost:9200/_plugins/_security/api/roles/"
best,
mj