Packetbeat features that require authorizationedit

After securing Packetbeat, make sure your users have the roles (or associated privileges) required to use these Packetbeat features. Note that some of the roles shown here are built-in, and some are user-defined.

Feature Role

Send data to a secured cluster

packetbeat_writer [a]

Load index templates

packetbeat_writer [a] and kibana_user

Load Packetbeat dashboards into Kibana

packetbeat_writer [a] and kibana_user

Load machine learning jobs

machine_learning_admin

Read indices created by Packetbeat

packetbeat_reader [a]

View Packetbeat dashboards in Kibana

kibana_user

Load index lifecycle policies and use index lifecycle management

packetbeat_ilm [a]

[a] These roles are user-defined.

To create the user-defined roles shown here, see Configure authentication credentials and Grant users access to Packetbeat indices. You may want to define additional roles to provide more restrictive access.