I'm reviewing the documentation for Shield, in order to enable authentication for the ELK stack, and am puzzled with Logstash. A couple questions:
-
In reviewing Shield's Logstash documentation, a user and password is specified in the ElasticSearch output plugin. Wouldn't this contain the ElasticSearch, not the Logstash user?
-
If so, what's the purpose of the Logstash user? That it's not mentioned here, or in numerous tutorials (1, 2) makes me think it's redundant, but someone correct me if I'm wrong.
-
When and where would the Logstash user be specified?
Thanks in advance. My apologies if I'm missing something obvious.