Monitor events in Logstash

Hello Colleagues,

I wanted to be informed when specified log entries appear in ELK.

I found something in this direction on the Icinga website, and with a bit of “fummelei” I got it to fly.
It’s a Logstash filter and output that pushes passive checks into Icinga via an API user.

My question: what rights does this user need?
I want to keep it as secure as possible.

Thank you!

Depends what it needs to do. I would start simple with just granting it the process-check-result action permission. If you’re planning to use downtimes and notifications, add these permissions as well.
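
A least-privilege `ApiUser` definition along the lines of the answer above, as an added example that is not part of the original posts. The user name, the password placeholder and the `passive_source` custom variable are assumptions made for illustration.

```icinga2
// Added example: API user for the Logstash output, limited to submitting
// passive check results. Name, password and custom variable are placeholders.
object ApiUser "logstash" {
  password = "REPLACE-WITH-LONG-RANDOM-SECRET"

  permissions = [
    {
      // The only action the Logstash output needs for passive checks.
      permission = "actions/process-check-result"

      // Optional scoping: only objects on hosts that carry the (constructed)
      // custom variable vars.passive_source = "logstash" accept results
      // from this user. Everything else is rejected by the API.
      filter = {{ host.vars.passive_source == "logstash" }}
    }

    // Add these only if the pipeline really has to set downtimes or
    // send notifications:
    // "actions/schedule-downtime",
    // "actions/remove-downtime",
    // "actions/send-custom-notification"
  ]
}
```

Avoid granting `*` or `objects/*` to this user: the Logstash host only ever pushes results, so it has no need to query, create or modify objects.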