- Metricbeat Reference: other versions:
- Overview
- Getting started with Metricbeat
- Setting up and running Metricbeat
- Upgrading Metricbeat
- How Metricbeat works
- Configuring Metricbeat
- Specify which modules to run
- Specify general settings
- Load external configuration files
- Configure the internal queue
- Configure the output
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- Autodiscover
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- metricbeat.reference.yml
- Modules
- Aerospike module
- Apache module
- Ceph module
- Couchbase module
- Docker module
- Dropwizard module
- Elasticsearch module
- Elasticsearch cluster_stats metricset
- Elasticsearch index metricset
- Elasticsearch index_recovery metricset
- Elasticsearch index_summary metricset
- Elasticsearch ml_job metricset
- elasticsearch ml_job MetricSet
- Elasticsearch node metricset
- Elasticsearch node_stats metricset
- Elasticsearch pending_tasks metricset
- elasticsearch pending_tasks MetricSet
- Elasticsearch shard metricset
- envoyproxy module
- Etcd module
- Golang module
- Graphite module
- HAProxy module
- HTTP module
- Jolokia module
- Kafka module
- Kibana module
- Kubernetes module
- Kubernetes apiserver metricset
- Kubernetes container metricset
- Kubernetes event metricset
- Kubernetes node metricset
- Kubernetes pod metricset
- Kubernetes state_container metricset
- Kubernetes state_deployment metricset
- Kubernetes state_node metricset
- Kubernetes state_pod metricset
- Kubernetes state_replicaset metricset
- Kubernetes state_statefulset metricset
- Kubernetes system metricset
- Kubernetes volume metricset
- kvm module
- Logstash module
- Memcached module
- MongoDB module
- Munin module
- MySQL module
- Nginx module
- PHP_FPM module
- PostgreSQL module
- Prometheus module
- RabbitMQ module
- Redis module
- System module
- System core metricset
- System cpu metricset
- System diskio metricset
- System filesystem metricset
- System fsstat metricset
- System load metricset
- System memory metricset
- System network metricset
- System process metricset
- System process_summary metricset
- System raid metricset
- System socket metricset
- System uptime metricset
- traefik module
- uwsgi module
- vSphere module
- Windows module
- ZooKeeper module
- Exported fields
- Aerospike fields
- Apache fields
- Beat fields
- Ceph fields
- Cloud provider metadata fields
- Common fields
- Couchbase fields
- Docker fields
- Docker fields
- Dropwizard fields
- Elasticsearch fields
- envoyproxy fields
- Etcd fields
- Golang fields
- Graphite fields
- HAProxy fields
- Host fields
- HTTP fields
- Jolokia fields
- Kafka fields
- Kibana fields
- Kubernetes fields
- Kubernetes fields
- kvm fields
- Logstash fields
- Memcached fields
- MongoDB fields
- Munin fields
- MySQL fields
- Nginx fields
- PHP_FPM fields
- PostgreSQL fields
- Prometheus fields
- RabbitMQ fields
- Redis fields
- System fields
- traefik fields
- uwsgi fields
- vSphere fields
- Windows fields
- ZooKeeper fields
- Monitoring Metricbeat
- Securing Metricbeat
- Troubleshooting
- Contributing to Beats
Secrets keystore for secure settings
editSecrets keystore for secure settings
editWhen you configure Metricbeat, you might need to specify sensitive settings, such as passwords. Rather than relying on file system permissions to protect these values, you can use the Metricbeat keystore to securely store secret values for use in configuration settings.
After adding a key and its secret value to the keystore, you can use the key in place of the secret value when you configure sensitive settings.
The syntax for referencing keys is identical to the syntax for environment variables:
${KEY}
Where KEY is the name of the key.
For example, imagine that the keystore contains a key called ES_PWD with the
value yourelasticsearchpassword:
-
In the configuration file, use
output.elasticsearch.password: "${ES_PWD}" -
On the command line, use:
-E "output.elasticsearch.password=\${ES_PWD}"
When Metricbeat unpacks the configuration, it resolves keys before resolving environment variables and other variables.
Notice that the Metricbeat keystore differs from the Elasticsearch keystore.
Whereas the Elasticsearch keystore lets you store elasticsearch.yml values by
name, the Metricbeat keystore lets you specify arbitrary names that you can
reference in the Metricbeat configuration.
To create and manage keys, use the keystore command. See the
command reference for the full command syntax, including
optional flags.
The keystore command must be run by the same user who will run
Metricbeat.
Create a keystore
editTo create a secrets keystore, use:
metricbeat keystore create
Metricbeat creates the keystore in the directory defined by the path.config
configuration setting.
Add keys
editTo store sensitive values, such as authentication credentials for Elasticsearch,
use the keystore add command:
metricbeat keystore add ES_PWD
When prompted, enter a value for the key.
To overwrite an existing key’s value, use the --force flag:
metricbeat keystore add ES_PWD --force
To pass the value through stdin, use the --stdin flag. You can also use
--force:
cat /file/containing/setting/value | metricbeat keystore add ES_PWD --stdin --force
List keys
editTo list the keys defined in the keystore, use:
metricbeat keystore list
Remove keys
editTo remove a key from the keystore, use:
metricbeat keystore remove ES_PWD
On this page