Functionbeat quick start: installation and configuration
editFunctionbeat quick start: installation and configuration
editThis guide describes how to get started quickly monitoring data from your cloud services. You’ll learn how to:
- download the Functionbeat distribution
- configure details about the cloud functions you want to deploy, including the services to monitor and triggers
- deploy the cloud functions to your serverless environment
- collect data from cloud services and ship it to the Elastic Stack
- visualize the data in Kibana
Step 1: Download Functionbeat
editThe Functionbeat distribution contains the command line tools, configuration file, and binary code required to run Functionbeat in your serverless environment.
To download and extract the package, use the commands that work with your system.
curl -L -O https://artifacts.elastic.co/downloads/beats/functionbeat/functionbeat-8.7.1-darwin-x86_64.tar.gz tar xzvf functionbeat-8.7.1-darwin-x86_64.tar.gz
curl -L -O https://artifacts.elastic.co/downloads/beats/functionbeat/functionbeat-8.7.1-linux-x86_64.tar.gz tar xzvf functionbeat-8.7.1-linux-x86_64.tar.gz
- Download the Functionbeat Windows zip file from the downloads page.
-
Extract the contents of the zip file into
C:\Program Files
.
Step 2: Connect to the Elastic Stack
editConnections to Elasticsearch and Kibana are required to set up Functionbeat.
Set the connection information in functionbeat.yml
. To locate this
configuration file, see Directory layout.
Specify the cloud.id of your Elasticsearch Service, and set cloud.auth to a user who is authorized to set up Functionbeat. For example:
-
Set the host and port where Functionbeat can find the Elasticsearch installation, and set the username and password of a user who is authorized to set up Functionbeat. For example:
output.elasticsearch: hosts: ["https://myEShost:9200"] username: "functionbeat_internal" password: "YOUR_PASSWORD" ssl: enabled: true ca_trusted_fingerprint: "b9a10bbe64ee9826abeda6546fc988c8bf798b41957c33d05db736716513dc9c"
This example shows a hard-coded password, but you should store sensitive values in environment variables.
This example shows a hard-coded fingerprint, but you should store sensitive values in environment variables. The fingerprint is a HEX encoded SHA-256 of a CA certificate, when you start Elasticsearch for the first time, security features such as network encryption (TLS) for Elasticsearch are enabled by default. If you are using the self-signed certificate generated by Elasticsearch when it is started for the first time, you will need to add its fingerprint here. The fingerprint is printed on Elasticsearch start up logs, or you can refer to connect clients to Elasticsearch documentation for other options on retrieving it. If you are providing your own SSL certificate to Elasticsearch refer to Functionbeat documentation on how to setup SSL.
-
If you plan to use our pre-built Kibana dashboards, configure the Kibana endpoint. Skip this step if Kibana is running on the same host as Elasticsearch.
The hostname and port of the machine where Kibana is running, for example,
mykibanahost:5601
. If you specify a path after the port number, include the scheme and port:http://mykibanahost:5601/path
.The
username
andpassword
settings for Kibana are optional. If you don’t specify credentials for Kibana, Functionbeat uses theusername
andpassword
specified for the Elasticsearch output.To use the pre-built Kibana dashboards, this user must be authorized to view dashboards or have the
kibana_admin
built-in role.
To learn more about required roles and privileges, see Grant users access to secured resources.
You can send data to other outputs, such as Logstash, but that requires additional configuration and setup.
Step 3: Configure cloud functions
editBefore deploying Functionbeat to your cloud provider, you need to specify details about the cloud functions that you want to deploy, including the function name and type, and the triggers that will cause the function to execute.
In functionbeat.yml
, configure the functions that you want to deploy. The
configuration settings vary depending on the type of function and cloud provider
you’re using. This section provides a an AWS example configuration.
This example configures a function called cloudwatch
that collects events from
CloudWatch Logs. When a message is sent to the specified log group, the cloud
function executes and sends message events to the configured output:
functionbeat.provider.aws.endpoint: "s3.amazonaws.com" functionbeat.provider.aws.deploy_bucket: "functionbeat-deploy" functionbeat.provider.aws.functions: - name: cloudwatch enabled: true type: cloudwatch_logs description: "lambda function for cloudwatch logs" triggers: - log_group_name: /aws/lambda/my-lambda-function
A unique name for the S3 bucket to which the functions will be uploaded. |
|
Details about the function you want to deploy, including the name of the function, the type of service to monitor, and the log groups that trigger the function. |
See AWS functions for more examples.
To test your configuration file, change to the directory where the
Functionbeat binary is installed, and run Functionbeat in the foreground with
the following options specified: ./functionbeat test config -e
. Make sure your
config files are in the path expected by Functionbeat (see Directory layout),
or use the -c
flag to specify the path to the config file.
For more information about configuring Functionbeat, also see:
- Configure Functionbeat
- Config file format
-
functionbeat.reference.yml
: This reference configuration file shows all non-deprecated options. You’ll find it in the same location asfunctionbeat.yml
.
Step 4: Set up assets
editFunctionbeat comes with predefined assets for parsing, indexing, and visualizing your data. To load these assets:
-
Make sure the user specified in
functionbeat.yml
is authorized to set up Functionbeat. -
From the installation directory, run:
./functionbeat setup -e
./functionbeat setup -e
PS > .\functionbeat.exe setup -e
-e
is optional and sends output to standard error instead of the configured log output.
This step loads the recommended index template for writing to Elasticsearch.
A connection to Elasticsearch (or Elasticsearch Service) is required to set up the initial environment. If you’re using a different output, such as Logstash, see Load the index template manually.
Step 5: Deploy Functionbeat
editTo deploy Functionbeat functions to your cloud provider, either use the Functionbeat manager, as described here, or use your own deployment infrastructure.
If you change the configuration after deploying the function, use
the update
command to update your deployment.
Deploy to AWS
edit-
Make sure you have the credentials required to authenticate with AWS. You can set environment variables that contain your credentials:
export AWS_ACCESS_KEY_ID=ABCDEFGHIJKLMNOPUSER export AWS_SECRET_ACCESS_KEY=EXAMPLE567890devgHIJKMLOPNQRSTUVZ1234KEY export AWS_DEFAULT_REGION=us-east-1
export AWS_ACCESS_KEY_ID=ABCDEFGHIJKLMNOPUSER export AWS_SECRET_ACCESS_KEY=EXAMPLE567890devgHIJKMLOPNQRSTUVZ1234KEY export AWS_DEFAULT_REGION=us-east-1
set AWS_ACCESS_KEY_ID=ABCDEFGHIJKLMNOPUSER set AWS_SECRET_ACCESS_KEY=EXAMPLE567890devgHIJKMLOPNQRSTUVZ1234KEY set AWS_DEFAULT_REGION=us-east-1
Set
AWS_DEFAULT_REGION
to the region where your services are running. - Make sure the user has the permissions required to deploy and run the function. For more information, see IAM permissions required for deployment.
-
Deploy the cloud functions.
For example, the following command deploys a function called
cloudwatch
:./functionbeat -v -e -d "*" deploy cloudwatch
./functionbeat -v -e -d "*" deploy cloudwatch
.\functionbeat.exe -v -e -d "*" deploy cloudwatch
The function is deployed to AWS and ready to send log events to the configured output.
If deployment fails, see Common problems for help troubleshooting.
Step 6: View your data in Kibana
editThere are currently no example dashboards available for Functionbeat.
To learn how to view and explore your data, see the Kibana User Guide.
What’s next?
editNow that you have your cloud data streaming into Elasticsearch, learn how to unify your logs, metrics, uptime, and application performance data.
-
Ingest data from other sources by installing and configuring other Elastic Beats:
Elastic Beats To capture Infrastructure metrics
Logs
Windows event logs
Uptime information
Application performance metrics
Audit events
-
Use the Observability apps in Kibana to search across all your data:
Elastic apps Use to Explore metrics about systems and services across your ecosystem
Tail related log data in real time
Monitor availability issues across your apps and services
Monitor application performance
Analyze security events