Add user information in Logstash
In order for Logstash to send data successfully to Elasticsearch, you must configure its authentication credentials in the Logstash configuration file.
Configure Logstash to use the
logstash_internal
user and the password that you created:If you don’t mind having passwords visible in your configuration file, add the following
user
andpassword
settings in thedemo-metrics-pipeline.conf
file in your Logstash directory:...
output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "logstash_internal"
password => "your_password"
}
}
Specify the
logstash_internal
user that you created earlier in this tutorial.Specify the password that you chose for this user ID.
If you prefer not to put your user ID and password in the configuration file, store them in a keystore instead.
Run the following commands to create the Logstash keystore and add the secure settings:
set +o history
export LOGSTASH_KEYSTORE_PASS=mypassword
set -o history
./bin/logstash-keystore create
./bin/logstash-keystore add ES_USER
./bin/logstash-keystore add ES_PWD
You can optionally protect access to the Logstash keystore by storing a password in an environment variable called
LOGSTASH_KEYSTORE_PASS
. For more information, see Keystore password.When prompted, specify the
logstash_internal
user and its password for theES_USER
andES_PWD
values.The Logstash keystore differs from the Kibana keystore. Whereas the Kibana keystore enables you to store
kibana.yml
settings by name, the Logstash keystore enables you to create arbitrary names that you can reference in the Logstash configuration. To learn more, see Secrets keystore for secure settings.You can now use these
ES_USER
andES_PWD
keys in your configuration file. For example, add theuser
andpassword
settings in thedemo-metrics-pipeline.conf
file as follows:...
output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "${ES_USER}"
password => "${ES_PWD}"
}
}
Start Logstash by using the appropriate method for your environment.
For example, to run Logstash from a command line, go to the Logstash directory and enter the following command:
./bin/logstash -f demo-metrics-pipeline.conf
To start Logstash as a service, see Running Logstash as a service on Debian or RPM.
If you were connecting directly from Metricbeat to Elasticsearch, you would need to configure authentication credentials for the Elasticsearch output in the Metricbeat configuration file. In Getting started with the Elastic Stack, however, you configured Metricbeat to send the data to Logstash for additional parsing, so no extra settings are required in Metricbeat. For more information, see Securing Metricbeat.
Start Metricbeat by using the appropriate method for your environment.
For example, on macOS, run the following command from the Metricbeat directory:
./metricbeat -e
For more methods, see Starting Metricbeat.
Wait a few minutes for new data to be sent from Metricbeat to Logstash and Elasticsearch.