Confusion about authentication for Logstash

MattW224 · February 19, 2016, 12:04am

I'm reviewing the documentation for Shield, in order to enable authentication for the ELK stack, and am puzzled with Logstash. A couple questions:

In reviewing Shield's Logstash documentation, a user and password is specified in the ElasticSearch output plugin. Wouldn't this contain the ElasticSearch, not the Logstash user?
If so, what's the purpose of the Logstash user? That it's not mentioned here, or in numerous tutorials (1, 2) makes me think it's redundant, but someone correct me if I'm wrong.
When and where would the Logstash user be specified?

Thanks in advance. My apologies if I'm missing something obvious.

skearns · February 19, 2016, 8:47am

Heya Matt,

The docs are trying to outline a process that looks like this:

Create a user in the Shield esusers realm, and assign it the logstash role, which comes pre-defined for you. The Logstash role grants the user access to write into log
Add the user/password you just created to the logstash configuration, so that when Logstash attempts to connect to Elasticsearch, it sends the username/password credentials.

Does that help?

Topic		Replies	Views
What username/password should I use for logstash? Elastic Cloud Enterprise (ECE)	5	980	March 12, 2018
Can't get logstash user to authenticate to ES Elasticsearch elastic-stack-security	5	2516	July 6, 2017
PKI authentication in logstash Elastic Search Output not working Elasticsearch	22	4121	July 5, 2017
Unknown setting 'user/password' for elasticsearch {:level=>:error} Logstash	3	3891	July 6, 2017
How to define Kibana/Logstash password encrypted Logstash elastic-stack-security	8	2870	July 6, 2017