- Metricbeat Reference: other versions:
- Overview
- Getting started with Metricbeat
- Setting up and running Metricbeat
- Upgrading Metricbeat
- How Metricbeat works
- Configuring Metricbeat
- Specify which modules to run
- Specify general settings
- Load external configuration files
- Configure the internal queue
- Configure the output
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- Autodiscover
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- metricbeat.reference.yml
- Beats central management
- Modules
- Aerospike module
- Apache module
- Ceph module
- Couchbase module
- Docker module
- Dropwizard module
- Elasticsearch module
- Elasticsearch ccr metricset
- Elasticsearch cluster_stats metricset
- Elasticsearch index metricset
- Elasticsearch index_recovery metricset
- Elasticsearch index_summary metricset
- Elasticsearch ml_job metricset
- elasticsearch ml_job MetricSet
- Elasticsearch node metricset
- Elasticsearch node_stats metricset
- Elasticsearch pending_tasks metricset
- elasticsearch pending_tasks MetricSet
- Elasticsearch shard metricset
- envoyproxy module
- Etcd module
- Golang module
- Graphite module
- HAProxy module
- HTTP module
- Jolokia module
- Kafka module
- Kibana module
- Kubernetes module
- Kubernetes apiserver metricset
- Kubernetes container metricset
- Kubernetes event metricset
- Kubernetes node metricset
- Kubernetes pod metricset
- Kubernetes state_container metricset
- Kubernetes state_deployment metricset
- Kubernetes state_node metricset
- Kubernetes state_pod metricset
- Kubernetes state_replicaset metricset
- Kubernetes state_statefulset metricset
- Kubernetes system metricset
- Kubernetes volume metricset
- kvm module
- Logstash module
- Memcached module
- MongoDB module
- Munin module
- MySQL module
- Nginx module
- PHP_FPM module
- PostgreSQL module
- Prometheus module
- RabbitMQ module
- Redis module
- System module
- System core metricset
- System cpu metricset
- System diskio metricset
- System filesystem metricset
- System fsstat metricset
- System load metricset
- System memory metricset
- System network metricset
- System process metricset
- System process_summary metricset
- System raid metricset
- System socket metricset
- System socket_summary metricset
- System uptime metricset
- traefik module
- uwsgi module
- vSphere module
- Windows module
- ZooKeeper module
- Exported fields
- Aerospike fields
- Apache fields
- Beat fields
- Ceph fields
- Cloud provider metadata fields
- Common fields
- Couchbase fields
- Docker fields
- Docker fields
- Dropwizard fields
- Elasticsearch fields
- envoyproxy fields
- Etcd fields
- Golang fields
- Graphite fields
- HAProxy fields
- Host fields
- HTTP fields
- Jolokia fields
- Kafka fields
- Kibana fields
- Kubernetes fields
- Kubernetes fields
- kvm fields
- Logstash fields
- Memcached fields
- MongoDB fields
- Munin fields
- MySQL fields
- Nginx fields
- PHP_FPM fields
- PostgreSQL fields
- Prometheus fields
- RabbitMQ fields
- Redis fields
- System fields
- traefik fields
- uwsgi fields
- vSphere fields
- Windows fields
- ZooKeeper fields
- Monitoring Metricbeat
- Securing Metricbeat
- Troubleshooting
- Contributing to Beats
Secure communication with Elasticsearch
editSecure communication with Elasticsearch
editTo secure the communication between Metricbeat and Elasticsearch, you can use HTTPS and basic authentication. Basic authentication for Elasticsearch is available when you enable X-Pack security (see Securing the Elastic Stack and Use X-Pack security). If you aren’t using X-Pack security, you can use a web proxy instead.
Here is a sample configuration:
output.elasticsearch: username: metricbeat password: verysecret protocol: https hosts: ["elasticsearch.example.com:9200"]
|
The username to use for authenticating to Elasticsearch. |
|
|
The password to use for authenticating to Elasticsearch. |
|
|
This setting enables the HTTPS protocol. |
|
|
The IP and port of the Elasticsearch nodes. |
To obfuscate passwords and other sensitive settings, use the secrets keystore.
Metricbeat verifies the validity of the server certificates and only accepts trusted certificates. Creating a correct SSL/TLS infrastructure is outside the scope of this document.
By default Metricbeat uses the list of trusted certificate authorities from the operating system where Metricbeat is running. You can configure Metricbeat to use a specific list of CA certificates instead of the list from the OS. You can also configure it to use client authentication by specifying the certificate and key to use when the server requires the Beat to authenticate. Here is an example configuration:
output.elasticsearch: username: metricbeat password: verysecret protocol: https hosts: ["elasticsearch.example.com:9200"] ssl.certificate_authorities: - /etc/pki/my_root_ca.pem - /etc/pki/my_other_ca.pem ssl.certificate: "/etc/pki/client.pem" ssl.key: "/etc/pki/key.pem"
|
The list of CA certificates to trust |
|
|
The path to the certificate for SSL client authentication |
|
|
The client certificate key |
For any given connection, the SSL/TLS certificates must have a subject
that matches the value specified for hosts, or the SSL handshake fails.
For example, if you specify hosts: ["foobar:9200"], the certificate MUST
include foobar in the subject (CN=foobar) or as a subject alternative name
(SAN). Make sure the hostname resolves to the correct IP address. If no DNS is available, then
you can associate the IP address with your hostname in /etc/hosts
(on Unix) or C:\Windows\System32\drivers\etc\hosts (on Windows).