dude the indentation is all screwed up, so it’s impossible to understand what’s wrong. Can you paste your configuration and wrap it inside the triple backtick notation?
bla: "foo"
baz:
- bar: 123
which is written like this
See this
YAML formatting strikes again! I cleaned that up and boom:
36mALLOWED by { name: ‘winlogbeat/kibana can write and create its own indices’, policy: ALLOW}
36mALLOWED by { name: ‘winlogbeat/kibana can write and create its own indices’, policy: ALLOW}
Sorry for the inconvenience! I can work with this! I will keep you updated on the progress. After you said the rules were not being used I figured something was amiss and formatting is something I missed.
1 Like
I can validate that I have successfully implemented ROR with ElasticSearch and WinLogBeat using TLS Certs and username/password validation.
Adding “enable: true” in the readonlyrest.yml file was very helpful for debugging.
Then formatting YAML everything worked after a few tweaks.
A quick not on formatting in this forum: It appears that everything I post loses its formatting and some of the things that are posted might not have good formatting so never bulk copy/paste from the forums or one could struggle.
Thanks for your help! ROR rules!
1 Like
Yes, YAML is a bitch. I do my best to wrap in back ticks what people paste, but sometimes the formatting is already lost.
Any suggested solutions to mitigate this?
Yes to the </>, definitely no to the ”
i.e.
with </> code format button:
- name: "::PERSONAL_GRP::"
groups: ["Personal"]
kibana_access: rw
kibana_hide_apps: ["readonlyrest_kbn", "timelion"]
kibana_index: ".kibana_@{user}"
with quotation
- name: “::PERSONAL_GRP::”
groups: [“Personal”]
kibana_access: rw
kibana_hide_apps: [“readonlyrest_kbn”, “timelion”]
kibana_index: “.kibana_@{user}”
1 Like