ERROR when creating roles (

Good day everyone,

I was wondering if anyone encountered the error below when running the file. Following the instructions in this link: Integrating Elastic Stack security :: SIREN DOCS

Creating investigate_system role...
{"error":{"root_cause":[{"type":"invalid_index_name_exception","reason":"Invalid index name [_security], must not start with '_', '-', or '+'","index_uuid":"_na_","index":"_security"}],"type":"invalid_index_name_exception","reason":"Invalid index name [_security], must not start with '_', '-', or '+'","index_uuid":"_na_","index":"_security"},"status":400}

May I please ask if there are specific values that needs to be entered when asked the questions mentioned in Integrating Elastic Stack security :: SIREN DOCS when running the script.

Elasticsearch username: [elastic]:    
Elasticsearch password: 
Elasticsearch URL [http://localhost:9200]:
Investigate system indices prefix [.siren]: 
Prefix for data indices managed through Investigate [siren]: 
Index pattern matching indices readable by Investigate users [data-*]:
curl flags: 

I just entered the defaults to the following questions and encountered the error.

Thank you!

Hi Edgar,

Can you please confirm the ES version you are using also we have different scripts based on subscription:

Are you using the correct script as per your subscription?

Manu Agarwal

Hi Manu!

Thank you for the prompt response. I am currently using the following:

Siren Platform 13.1.0 (running on Docker)
Docker Image: siren-platform-easy-start:13.1.0 (Community Edition)
Federate Version: 7.17.7-29.1 on ES 7.17.7

For the script, I am currently using the script for Basic subscriptions.

I am also encountering this error on the script.

{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Invalid type: expecting [role] but got [user]"}],"type":"illegal_argument_exception","reason":"Invalid type: expecting [role] but got [user]"},"status":400}

Thank you!

following up! @Manu_Agarwal

Thank you so much!!

Hi Edgar,

We tested it and everything is working fine on our side.

Did you have security enabled in elasticsearch.yml file: setting is true on each node in your cluster.

Once it is enabled first script to run is to create the roles and then run the

Please check and if it is still the same issue please share your elasticsearch.yml config file.


Hi Manu,

Thank you for your response, quick question, when using the basic license (hence the files for basic license) does it not allow for data ingestion? When trying to ingest data from DB, I am encountering this error.

Here’s my config:

siren.connector.username: federate
siren.connector.password: sievepw123
siren.connector.encryption.enabled: true
siren.connector.encryption.secret_key: ""

Thank you!

It looks like the federate user doesn’t have access to create any index.

Please check the role definition of the federate_system it should have all the privileges.


Hi Manu!

Thanks for the reply. Yup this is my expectation as well that the federate_system role would have this permission. Does this mean that the script provided in Siren’s documentation by default doesn’t have this?

Thank you!

Hi Edgar,

Yes , we need to update those scripts.