create a dedicated role for pushing logs to data-streams
security / roles / create role
nginx-write
# cluster perms
cluster_composite_ops
index permissions: nginx-*
# index perms
create_index
indices:admin/auto_create
indices:admin/create
indices:admin/data_stream/create
write
and don’t forget to map some dedicated app/env user to that role
https://opensearch.org/docs/latest/security/access-control/users-roles/ ==> cluster perms
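
The same role and user mapping through the Security plugin's REST API, so the setup can be kept in version control and replayed per environment. This is an added example, not part of the original note; the user name nginx-shipper and the OPENSEARCH_URL, NETRC and SHIP_USER variables are assumptions.

```shell
#!/bin/sh
# Added example: nginx-write role plus role mapping via the Security REST API.
# Without OPENSEARCH_URL set, it only prints the two request bodies.

ROLE="nginx-write"
SHIP_USER="${SHIP_USER:-nginx-shipper}"   # hypothetical dedicated app/env user

# Role body: the permissions listed in the note, scoped to nginx-* only.
role_body() {
  cat <<'EOF'
{
  "cluster_permissions": ["cluster_composite_ops"],
  "index_permissions": [{
    "index_patterns": ["nginx-*"],
    "allowed_actions": [
      "create_index",
      "indices:admin/auto_create",
      "indices:admin/create",
      "indices:admin/data_stream/create",
      "write"
    ]
  }]
}
EOF
}

# Mapping body: bind exactly one internal user to the role.
mapping_body() {
  printf '{"users": ["%s"]}\n' "$1"
}

# put <api path> <json body>; admin credentials come from a netrc file
# (assumed path in $NETRC) so they do not appear on the command line.
put() {
  curl -sS --fail --netrc-file "${NETRC:?set NETRC}" -X PUT \
    -H 'Content-Type: application/json' \
    "$OPENSEARCH_URL/_plugins/_security/api/$1" -d "$2"
}

apply() {
  put "roles/$ROLE" "$(role_body)" &&
  put "rolesmapping/$ROLE" "$(mapping_body "$SHIP_USER")"
}

if [ -n "${OPENSEARCH_URL:-}" ]; then
  apply
else
  role_body
  mapping_body "$SHIP_USER"
fi
```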