here is changes of my filebeat - I just configured elasticsearch in filebeat -
#-------------------------- Elasticsearch output -------------------------------
output.elasticsearch:
Boolean flag to enable or disable the output module.
#enabled: true
Array of hosts to connect to.
Scheme and port can be left out and will be set to the default (http and 9200)
In case you specify and additional path, the scheme is required: http://localhost:9200/path
IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
hosts: ["myip:9200"]
Set gzip compression level.
#compression_level: 0
Optional protocol and basic auth credentials.
protocol: "https"
#username: "elastic"
#password: "changeme"
Dictionary of HTTP parameters to pass within the url with index operations.
#parameters:
#param1: value1
#param2: value2
Number of workers per Elasticsearch host.
#worker: 1
Optional index name. The default is "filebeat" plus date
and generates [filebeat-]YYYY.MM.DD keys.
index: "filebeat-%{+yyyy.MM.dd}"
Optional ingest node pipeline. By default no pipeline will be used.
#pipeline: ""
Optional HTTP Path
#path: "/elasticsearch"
Custom HTTP headers to add to each request
#headers:
X-My-Header: Contents of the header
Proxy server url
#proxy_url: http://proxy:3128
The number of times a particular Elasticsearch index operation is attempted. If
the indexing operation doesn't succeed after this many retries, the events are
dropped. The default is 3.
#max_retries: 3
The maximum number of events to bulk in a single Elasticsearch bulk API index request.
The default is 50.
#bulk_max_size: 50
Configure http request timeout before failing an request to Elasticsearch.
#timeout: 90
The number of seconds to wait for new events between two bulk API index requests.
If bulk_max_size
is reached before this interval expires, addition bulk index
requests are made.
#flush_interval: 1s
A template is used to set the mapping in Elasticsearch
By default template loading is enabled and the template is loaded.
These settings can be adjusted to load your own template or overwrite existing ones.
Set to false to disable template loading.
#template.enabled: true
Template name. By default the template name is filebeat.
Path to template file
template.path: "${path.config}/filebeat.template.json"
Overwrite existing template
template.overwrite: false
If set to true, filebeat checks the Elasticsearch version at connect time, and if it
is 2.x, it loads the file specified by the template.versions.2x.path setting. The
default is true.
#template.versions.2x.enabled: true
Path to the Elasticsearch 2.x version of the template file.
#template.versions.2x.path: "${path.config}/filebeat.template-es2x.json"
If set to true, filebeat checks the Elasticsearch version at connect time, and if it
is 6.x, it loads the file specified by the template.versions.6x.path setting. The
default is true.
#template.versions.6x.enabled: true
Path to the Elasticsearch 6.x version of the template file.
#template.versions.6x.path: "${path.config}/filebeat.template-es6x.json"
Use SSL settings for HTTPS. Default is true.
#ssl.enabled: true
Configure SSL verification mode. If none
is configured, all server hosts
and certificates will be accepted. In this mode, SSL based connections are
susceptible to man-in-the-middle attacks. Use only for testing. Default is
full
.
#ssl.verification_mode: full
List of supported/valid TLS versions. By default all TLS versions 1.0 up to
1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
SSL configuration. By default is off.
List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
Optional passphrase for decrypting the Certificate Key.
#ssl.key_passphrase: ''
Configure cipher suites to be used for SSL connections
#ssl.cipher_suites: []
Configure curve types for ECDHE based cipher suites
#ssl.curve_types: []
#----------------------------- Logstash output ---------------------------------
#output.logstash:
Boolean flag to enable or disable the output module.
#enabled: true
The Logstash hosts
#hosts: ["localhost:5044"]
Number of workers per Logstash host.
#worker: 1
Set gzip compression level.
#compression_level: 3
Optional load balance the events between the Logstash hosts
#loadbalance: true
Number of batches to be send asynchronously to logstash while processing
new batches.
#pipelining: 0
Optional index name. The default index name is set to name of the beat
in all lowercase.
#index: 'filebeat'
SOCKS5 proxy server URL
#proxy_url: socks5://user:password@socks5-server:2233
Resolve names locally when using a proxy server. Defaults to false.
#proxy_use_local_resolver: false
Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
#ssl.enabled: true
Configure SSL verification mode. If none
is configured, all server hosts
and certificates will be accepted. In this mode, SSL based connections are
susceptible to man-in-the-middle attacks. Use only for testing. Default is
full
.
#ssl.verification_mode: full
List of supported/valid TLS versions. By default all TLS versions 1.0 up to
1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
Optional SSL configuration options. SSL is off by default.
List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
Optional passphrase for decrypting the Certificate Key.
#ssl.key_passphrase: ''
Configure cipher suites to be used for SSL connections
#ssl.cipher_suites: []
Configure curve types for ECDHE based cipher suites
#ssl.curve_types: []