Description of collecting metrics with standalone agent miss to add a role.

[andsel]

Tell us about the issue

Description:
Following the instructions in https://www.elastic.co/guide/en/logstash/current/monitoring-with-elastic-agent.html (code ref:

logstash/docs/static/monitoring/monitoring-mb.asciidoc

Line 123 in 734405d

.. Create a user on the production cluster that has the

) a step says to assign the role remote_monitoring_collector, but that role has only read access on the indices so the ElaticAgent can't write on those indices.

It reports the error:

{"log.level":"warn","@timestamp":"2024-05-03T15:10:40.515Z","message":"Cannot index event (status=403): dropping event! Enable debug logs to view the event and cause.","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"log-default","type":"log"},"log":{"source":"log-default"},"log.logger":"elasticsearch","log.origin":{"file.line":454,"file.name":"elasticsearch/client.go","function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).bulkCollectPublishFails"},"service.name":"filebeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}

After creating a new role with create_docand auto_configure permission to indices metric-* and logs-* the ElaticAgent was able to fill data in and stopped reporting the error.

I created a new role as:

POST /_security/role/logstash_monitoring_mertics_write_role
{
  "cluster": ["monitor"],
  "indices": [
    {
      "names": [ "metrics-*", "logs-*" ],
      "privileges": ["create_doc", "auto_configure"]
    }
  ],
  "applications": [
  ]
}

and assigned to the user.

URL:

https://www.elastic.co/guide/en/logstash/current/monitoring-with-elastic-agent.html

Anything else?