- Packetbeat Reference: other versions:
- Overview
- Contributing to Beats
- Getting started with Packetbeat
- Setting up and running Packetbeat
- Upgrading Packetbeat
- Configuring Packetbeat
- Set traffic capturing options
- Set up flows to monitor network traffic
- Specify which transaction protocols to monitor
- Specify which processes to monitor
- Specify general settings
- Configure the internal queue
- Configure the output
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Export GeoIP Information
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- packetbeat.reference.yml
- Exported fields
- AMQP fields
- Beat fields
- Cassandra fields
- Cloud provider metadata fields
- Common fields
- DNS fields
- Docker fields
- Flow Event fields
- HTTP fields
- ICMP fields
- Kubernetes fields
- Memcache fields
- MongoDb fields
- MySQL fields
- NFS fields
- PostgreSQL fields
- Raw fields
- Redis fields
- Thrift-RPC fields
- TLS fields
- Transaction Event fields
- Measurements (Transactions) fields
- Monitoring Packetbeat
- Securing Packetbeat
- Visualizing Packetbeat data in Kibana
- Troubleshooting
WARNING: Version 6.2 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Packetbeat and X-Pack Security
editPacketbeat and X-Pack Security
editIf you want Packetbeat to connect to a cluster that has X-Pack Security enabled, there are extra configuration steps.
To send data to a secured cluster through the elasticsearch
output,
Packetbeat needs to authenticate as a user who can manage index templates,
monitor the cluster, create indices, and read, and write to the indices
it creates. See Configuring Authentication Credentials for Packetbeat.
If encryption is enabled on the cluster, you also need to enable HTTPS in the Packetbeat configuration. See Configuring Packetbeat to use Encrypted Connections.
In addition to configuring authentication credentials for the Packetbeat itself, you need to grant authorized users permission to access the indices it creates. See Granting Users Access to Packetbeat Indices.
For more information about X-Pack Security, see Securing Elasticsearch and Kibana.