ReadonlyREST
Portal
current
current
  • README
  • For Elasticsearch
    • Audit configuration
    • External to local groups mapping
    • FIPS mode
    • FLS engine
    • indices rule - Index not found scenario
    • indices rule - ES Templates handling
  • For Kibana
    • Impersonation (Enterprise)
    • Kibana 7.8.x and older
    • ReadonlyREST API
  • For ECK
  • Universal Builds
  • Examples
    • Multi-tenancy Elastic Stack (Enterprise)
    • Multi-user Elastic Stack (PRO)
    • SAML SSO (Enterprise)
      • Keycloak
      • Microsoft Azure AD
      • Microsoft ADFS
      • Duo Security MFA
    • OpenID Connect (OIDC) (Enterprise)
      • Keycloak
    • Impersonation (Enterprise)
      • Creating Test Settings
      • Defining external services mock configurations
      • Impersonating users
    • ROR cluster with Elastic Cloud integration
      • Docker-based playground
      • Configuration details
    • Custom middleware (Enterprise)
      • Enriching the metadata
      • Reject machine-to-machine traffic using custom metadata ACL rules
      • Reordering available tenancies
      • Available rorRequest API
      • Secure Logstash
      • Secure Metricbeat
  • Contribution License Agreement
  • Commercial Licenses
  • Changelog
Powered by GitBook
On this page
  • On the Metricbeat's side
  • On the Elasticsearch side

Was this helpful?

Edit on GitHub
  1. Examples
  2. Custom middleware (Enterprise)

Secure Metricbeat

PreviousSecure LogstashNextContribution License Agreement

Last updated 7 months ago

Was this helpful?

Very similar to Logstash, here's a snippet of configuration for logging agent configuration of the metricbeat - the elasticsearch section

On the Metricbeat's side

output.elasticsearch:
  output.elasticsearch:
  username: metricbeat
  password: hereyourpasswordformetricbeat
  protocol: https
  hosts: ["xx.xx.xx.xx:9200"]
  worker: 1
  index: "log_metricbeat-%{+yyyy.MM}"
  template.enabled: false
  template.versions.2x.enabled: false
  ssl.enabled: true
  ssl.certificate_authorities: ["./certs/your-rootca_cert.pem"]
  ssl.certificate: "./certs/your_srv_cert.pem"
  ssl.key: "./certs/your_srv_key.pem"

Of course, if you do not use SSL, disable it.

On the Elasticsearch side

readonlyrest:
  ssl:
    enable: true
    # keystore in the same dir with elasticsearch.yml
    keystore_file: "keystore.jks"
    keystore_pass: readonlyrest
    key_pass: readonlyrest

  access_control_rules:
  - name: "metricbeat can write and create its own indices"
    auth_key_sha1: fd2e44724a234234454324253094080986e8fda
    actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
    indices: ["metricbeat-*", "log_metricbeat*"]
Metricbeat