Winlogbeat features that require authorizationedit

After securing Winlogbeat, make sure your users have the roles (or associated privileges) required to use these Winlogbeat features. Note that some of the roles shown here are built-in, and some are user-defined.

Feature Role

Send data to a secured cluster

winlogbeat_writer [a]

Load index templates

winlogbeat_writer [a] and kibana_user

Load Winlogbeat dashboards into Kibana

winlogbeat_writer [a] and kibana_user

Load machine learning jobs

machine_learning_admin

Read indices created by Winlogbeat

winlogbeat_reader [a]

View Winlogbeat dashboards in Kibana

kibana_user

Load index lifecycle policies and use index lifecycle management

winlogbeat_ilm [a]

[a] These roles are user-defined.

To create the user-defined roles shown here, see Configure authentication credentials and Grant users access to Winlogbeat indices. You may want to define additional roles to provide more restrictive access.