The built-in 'remote_monitoring_user' has full permissions on monitoring
indices, which is more than Metricbeat needs to collect metrics from
remote components.
Both the collection and storage of monitoring data are now performed
using the unpriviliged built-in users 'remote_monitoring_user' and
'beats_system' respectively, instead of the 'elastic' superuser.
'ecs_compatibility' is now on by default, therefore Logstash indices are
created with the naming pattern "ecs-logstash-*" when data streams are
disabled ('data_stream => false').
When data streams are disabled in Logstash's "elasticsearch" output
('data_stream => false'), Logstash falls back to managing "logstash-*"
indices and creates an index template with ILM enabled.
In this process, a write index for the alias "logstash" is created. This
step requires the "manage" privilege on the "logstash" alias.
Fixes#679
Antoine Cotten