[beats receivers] Logs contain security exceptions for metrics-elastic_agent.collector-default #10277
Description
Using a Fleet managed 9.2.0-SNAPSHOT agent the logs contain security exceptions attempting to write to the metrics-elastic_agent.collector-default index.
{"log.level":"error","@timestamp":"2025-10-02T21:11:27.345Z","message":"failed to index document","log.origin.stack_trace":"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter.flushBulkIndexer\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/[email protected]/bulkindexer.go:540\ngithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter.(*syncBulkIndexerSession).Flush\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/[email protected]/bulkindexer.go:205\ngithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter.(*sessionList).Flush.func1\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/[email protected]/exporter.go:613\ngolang.org/x/sync/errgroup.(*Group).Go.func1\n\tgolang.org/x/[email protected]/errgroup/errgroup.go:93","log.origin":{"file.line":540,"file.name":"[email protected]/bulkindexer.go","function":"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter.flushBulkIndexer"},"resource":{"service.instance.id":"afd06acf-37d5-44cd-934d-e452c3c1736a","service.name":"/opt/Elastic/Agent/data/elastic-agent-9.2.0-SNAPSHOT-e917e0/elastic-agent","service.version":"9.2.0"},"otelcol.component.kind":"exporter","otelcol.signal":"logs","error.type":"security_exception","error.reason":"","ecs.version":"1.6.0","otelcol.component.id":"elasticsearch/_agent-component/monitoring","index":"metrics-elastic_agent.collector-default","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2025-10-02T21:12:27.424Z","message":"failed to index document","error.type":"security_exception","ecs.version":"1.6.0","log.origin.stack_trace":"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter.flushBulkIndexer\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/[email protected]/bulkindexer.go:540\ngithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter.(*syncBulkIndexerSession).Flush\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/[email protected]/bulkindexer.go:205\ngithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter.(*sessionList).Flush.func1\n\tgithub.com/open-telemetry/opentelemetry-collector-contrib/exporter/[email protected]/exporter.go:613\ngolang.org/x/sync/errgroup.(*Group).Go.func1\n\tgolang.org/x/[email protected]/errgroup/errgroup.go:93","log.origin":{"file.line":540,"file.name":"[email protected]/bulkindexer.go","function":"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter.flushBulkIndexer"},"otelcol.component.id":"elasticsearch/_agent-component/monitoring","otelcol.component.kind":"exporter","index":"metrics-elastic_agent.collector-default","error.reason":"","resource":{"service.instance.id":"afd06acf-37d5-44cd-934d-e452c3c1736a","service.name":"/opt/Elastic/Agent/data/elastic-agent-9.2.0-SNAPSHOT-e917e0/elastic-agent","service.version":"9.2.0"},"otelcol.signal":"logs","ecs.version":"1.6.0"}The metrics-elastic_agent.collector-default data stream there is not writable without adding it to the list of known monitoring data streams in Fleet in https://github.com/elastic/kibana/blob/eed21dbca87029b245c44f5d8d4d64c9f491c877/x-pack/platform/plugins/shared/fleet/common/constants/agent_policy.ts#L17-L35
It may also need he data stream to be defined in
https://github.com/elastic/integrations/tree/main/packages/elastic_agent
Otherwise we'll see index security exceptions in the logs for every collection period for every Fleet managed agent.