- Journalbeat Reference for 6.5-7.15:
- Overview
- Getting started with Journalbeat
- Setting up and running Journalbeat
- Configuring Journalbeat
- Configure inputs
- Specify general settings
- Configure the internal queue
- Configure the output
- Set up index lifecycle management
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- journalbeat.reference.yml
- Exported fields
- Monitoring Journalbeat
- Securing Journalbeat
- Troubleshooting
Configure Journalbeat to use X-Pack security
editConfigure Journalbeat to use X-Pack security
editIf you want Journalbeat to connect to a cluster that has X-Pack security enabled, there are extra configuration steps:
-
Configure authentication credentials.
To send data to a secured cluster through the
elasticsearchoutput, Journalbeat needs to authenticate as a user who can manage index templates, monitor the cluster, create indices, and read and write to the indices it creates. -
Grant users access to Journalbeat indices.
To search the indexed Journalbeat data and visualize it in Kibana, users need access to the indices Journalbeat creates.
-
Configure Journalbeat to use encrypted connections.
If encryption is enabled on the cluster, you need to enable HTTPS in the Journalbeat configuration.
-
Set the password for the built-in monitoring user.
Journalbeat uses the
beats_systemuser to send monitoring data to Elasticsearch. If you plan to monitor Journalbeat in Kibana and have not yet set up the password, set it up now.
For more information about X-Pack security, see Securing the Elastic Stack.