create a dedicated role for pushing logs to data-streams
security / roles / create role
nginx-write
# cluster perms
cluster_composite_ops
# index perms
index pattern: nginx-*
create_index
indices:admin/auto_create
indices:admin/create
indices:admin/data_stream/create
write
and don’t forget to map some dedicated app/env user to that role
https://opensearch.org/docs/latest/security/access-control/users-roles/ ==> cluster perms
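
Added example (not from the original notes or from the OpenSearch project): the same role and role mapping created through the Security plugin REST API instead of the Dashboards UI, so the setup can be scripted and reviewed. OS_URL, OS_NETRC and the user name nginx-shipper are assumed placeholders.

```shell
#!/bin/sh
# Create the nginx-write role and map one dedicated user to it.
# Assumed placeholders: OS_URL (e.g. https://opensearch.example:9200) and
# OS_NETRC (netrc file with admin credentials, keeps the password out of argv).

ROLE="nginx-write"

# Role definition: one cluster permission plus the index permissions,
# scoped to the nginx-* pattern only.
role_body() {
  cat <<'JSON'
{
  "cluster_permissions": ["cluster_composite_ops"],
  "index_permissions": [
    {
      "index_patterns": ["nginx-*"],
      "allowed_actions": [
        "create_index",
        "indices:admin/auto_create",
        "indices:admin/create",
        "indices:admin/data_stream/create",
        "write"
      ]
    }
  ]
}
JSON
}

# Role mapping body; assumes a plain user name without quotes or backslashes.
mapping_body() {
  printf '{"users": ["%s"]}\n' "$1"
}

# put <security api path> <json body>
put() {
  curl -sS --fail --netrc-file "$OS_NETRC" \
    -H 'Content-Type: application/json' \
    -X PUT "$OS_URL/_plugins/_security/api/$1" -d "$2"
}

apply_role() {
  put "roles/$ROLE" "$(role_body)" &&
  put "rolesmapping/$ROLE" "$(mapping_body "$1")"
}

# Only talks to the cluster when both settings and a user name are given.
if [ -n "${OS_URL:-}" ] && [ -n "${OS_NETRC:-}" ] && [ "$#" -eq 1 ]; then
  apply_role "$1"
fi
```

Run it as `OS_URL=... OS_NETRC=... ./nginx-write-role.sh nginx-shipper` (the script file name is also a placeholder); a PUT on rolesmapping replaces the existing mapping for that role, so list every user that should keep it.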