Does Filebeat have to use 'beats_system' or 'elastic' to connect to ElasticSearch?

houmie · November 15, 2020, 11:42am

Sorry, which one is the best practice? Because when we run elasticsearch-setup-passwords auto it generates passwords for beats_system and elastic for us.

output.elasticsearch:
  hosts: ["localhost:9200"]
  protocol: "https"
  username: "elastic"
  password: "${ES_PASSWORD}"

Or

output.elasticsearch:
  hosts: ["localhost:9200"]
  protocol: "https"
  username: "beats_system"
  password: "${BEATS_SYSTEM_PASSWD}"

If the former is correct, then in which circumstances do we use beats_system?

Many Thanks,
Houman

aaron-nimocks · November 15, 2020, 3:14pm

beats_system doesn't have the correct privileges. It's for monitoring and not ingesting data.

elastic has too many privileges you wouldn't want someone getting access to so not using it if not needed is the best practice.

I'd recommend creating a custom user/role that has the exact but minimum privileges enabled. Also you could generate an API key vs having to use keystore for the password.

system · December 13, 2020, 5:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch permissions required by Filebeat Beats filebeat	7	3891	November 30, 2018
Unable to configure filebeat: Could not connect to elasticsearch host Beats filebeat	4	227	March 30, 2024
Secure user for Beats (lowest privileges as possible) Elasticsearch elastic-stack-security	1	602	April 30, 2020
Filebeat keystore for basic security Beats filebeat	3	2655	January 6, 2022
Filebeat best way to secure credentials? Beats	18	2909	October 19, 2016

Does Filebeat have to use 'beats_system' or 'elastic' to connect to ElasticSearch?

Related topics