I'm reviewing the documentation for Shield, in order to enable authentication for the ELK stack, and am puzzled with Logstash. A couple questions:
In reviewing Shield's Logstash documentation, a user and password is specified in the ElasticSearch output plugin. Wouldn't this contain the ElasticSearch, not the Logstash user?
When and where would the Logstash user be specified?
Thanks in advance. My apologies if I'm missing something obvious.