Configuring logstash for use with Elastic Cloud

I have some questions regarding configuring logstash to work with my Elastic Cloud cluster (see https://www.elastic.co/guide/en/cloud/master/ec-cloud-id.html).

  1. "In our examples, we use the elastic superuser that every version 5.x cluster comes with. ... On a production system, you should adapt these examples by creating a user that can write to and access only the minimally required indices."

How do I do this? By creating a user in Kibana? Is this related to the logstash_system role? If I create a new user, what permissions do I need to give them? Or am I supposed to somehow set the password for the logstash_system built-in user and use that?

  1. "Cloud ID applies only when a Logstash module is enabled, otherwise specifying Cloud ID has no effect."

What does this mean? What is a logstash module? If I have a Kafka input and an Elasticsearch output, am I using a module?

  1. "In the Logstash install directory, run the module. For example: bin/logstash --modules netflow -M "netflow.var.input.udp.port=3555" --cloud.id My_Cluster:MY_CLOUD_ID"

What is this? Do I have to run the netflow module?

I am currently using the 'elastic' username/password and that's working. I am trying to figure out how to switch logstash to a more-specific user.

Thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.