I have some questions regarding configuring Logstash to work with my Elastic Cloud cluster (see https://www.elastic.co/guide/en/cloud/master/ec-cloud-id.html).
- "In our examples, we use the elastic superuser that every version 5.x cluster comes with. ... On a production system, you should adapt these examples by creating a user that can write to and access only the minimally required indices."
How do I do this? By creating a user in Kibana? Is this related to the logstash_system role? If I create a new user, what permissions do I need to give them? Or am I supposed to somehow set the password for the logstash_system built-in user and use that?
- "Cloud ID applies only when a Logstash module is enabled, otherwise specifying Cloud ID has no effect."
What does this mean? What is a Logstash module? If I have a Kafka input and an Elasticsearch output, am I using a module?
- "In the Logstash install directory, run the module. For example:
bin/logstash --modules netflow -M "netflow.var.input.udp.port=3555" --cloud.id My_Cluster:MY_CLOUD_ID"
What is this? Do I have to run the netflow module?
I am currently using the 'elastic' username/password and that's working. I am trying to figure out how to switch Logstash to a more-specific user.