Configure Beats and Logstash with Cloud ID

edit

The Cloud ID reduces the number of steps required to start sending data from Beats or Logstash to your hosted Elasticsearch cluster on Elastic Cloud Enterprise. Because we made it easier to send data, you can start exploring visualizations in Kibana on Elastic Cloud Enterprise that much more quickly.

Exploring data from Beats or Logstash in Kibana after sending it to a hosted Elasticsearch cluster

The Cloud ID works by assigning a unique ID to your hosted Elasticsearch cluster on Elastic Cloud Enterprise. All deployments that support the Cloud ID automatically get one. Deployments running version 5.x and later are all supported, including ones that existed before we introduced the Cloud ID.

You include your Cloud ID along with your Elastic Cloud Enterprise user credentials (defined in cloud.auth) when you run Beats or Logstash locally, and then let Elastic Cloud Enterprise handle all of the remaining connection details to send the data to your hosted cluster on Elastic Cloud Enterprise safely and securely.

The Cloud ID and `elastic` user information shown when you create a deployment

What are Beats and Logstash?

edit

Not sure why you need Beats or Logstash? Here’s what they do:

  • Beats is our open source platform for single-purpose data shippers. The purpose of Beats is to help you gather data from different sources and to centralize the data by shipping it to Elasticsearch. Beats install as lightweight agents and ship data from hundreds or thousands of machines to your hosted Elasticsearch cluster on Elastic Cloud Enterprise. If you want more processing muscle, Beats can also ship to Logstash for transformation and parsing before the data gets stored in Elasticsearch.
  • Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite place where you stash things, here your hosted Elasticsearch cluster on Elastic Cloud Enterprise. Logstash supports a variety of inputs that pull in events from a multitude of common sources — logs, metrics, web applications, data stores, and various AWS services — all in continuous, streaming fashion.

Before you begin

edit

To use the Cloud ID, you need:

  • A deployment with an Elasticsearch cluster on version 5.x or later to send data to.
  • Beats or Logstash version 6.x or later, installed locally wherever you want to send data from.
  • To configure Beats or Logstash, you need:

    • The unique Cloud ID for your deployment, available from the deployment overview page.
    • A user ID and password that has permission to send data to your cluster.

      In our examples, we use the elastic superuser that every version 5.x Elasticsearch cluster comes with. The password for the elastic user is provided when you create a deployment (and can also be reset if you forget it). On a production system, you should adapt these examples by creating a user that can write to and access only the minimally required indices. For each Beat, review the specific feature and role table, similar to the one in Metricbeat documentation.

Configure Beats with your Cloud ID

edit

The following example shows how you can send operational data from Metricbeat to Elastic Cloud Enterprise by using the Cloud ID. Any of the available Beats will work, but we had to pick one for this example.

For others, you can learn more about getting started with each Beat.

To get started with Metricbeat and Elastic Cloud Enterprise:

  1. Log into the Cloud UI.
  2. Create a new deployment and copy down the password for the elastic user.
  3. On the deployment overview page, copy down the Cloud ID.
  4. Set up the Beat of your choice, such as Metricbeat version 7.10.
  5. Configure the Beat output to send to Elastic Cloud.

    Make sure you replace the values for cloud.id and cloud.auth with your own information.

    The cloud.id found in the deployment overview page does not explicitly specify a port. This means that Beats will default to using port 443 when using cloud.id, not the commonly configured Cloud endpoint port 9243. If you need to set up any firewall or proxy rules for Beats, make sure to specify port 443.

  6. Open Kibana and explore!

Metricbeat creates an index pattern in Kibana with defined fields, searches, visualizations, and dashboards that you can start exploring. Look for information related to system metrics, such as CPU usage, utilization rates for memory and disk, and details for processes.

Configure Logstash with your Cloud ID

edit

The following example shows how you can send operational data with the Cloud ID from Logstash to an Elasticsearch cluster hosted on Elastic Cloud Enterprise.

Cloud ID applies only when a Logstash module is enabled, otherwise specifying Cloud ID has no effect. Cloud ID applies to data that gets sent via the module, to runtime metrics sent via X-Pack monitoring, and to the endpoint used by X-Pack central management features of Logstash, unless explicit overrides to X-Pack settings are specified in logstash.yml.

To get started with Logstash and Elastic Cloud Enterprise:

  1. Log into the Cloud UI.
  2. Create a new deployment and copy down the password for the elastic user.
  3. On the deployment overview page, copy down the Cloud ID.
  4. Download and unpack Logstash version 7.10.1.
  5. Modify the logstash.yml configuration file for Elastic Cloud Enterprise to add your user name and password.

    Make sure you replace the values for cloud.id and cloud.auth with your own information.

  6. Open Kibana and explore!

Logstash creates an index pattern in Kibana with defined fields, searches, visualizations, and dashboards for events that you can explore.