Filebeat Module's Yaml Config Issue

I was under the impression that I could use filebeats keystore, to hold security information and then call those variables in the config file. When I try to do that it throws an error "mapping values are not allowed in this context".

Is there a way I can do this as I don't want to put the API token in the config file?
Also after trying to do this if I try to change it back to the straight token it still throws the same error.
Below is the copy/paste of that config file, with the okta domain part changed to the placeholder domain.

# Module: okta
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-okta.html

- module: okta
  system:
     enabled: true
      var.url: https://domain.okta.com/api/v1/logs
      var.api_key: "${okta_key}"

Hi @Cassie_Danaher I fixed your formatting of your post a bit. Please use the </> button to format your code in a post.

If that is your exact yml there is improper indentation

Perhaps this...

- module: okta
  system:
    enabled: true
    var.url: https://domain.okta.com/api/v1/logs
    var.api_key: "${okta_key}"

With respect to the keystore yes you should be able to use that and it looks like correct usages assuming you added the that key to the keystore correctly.

Thank you Stephen that solved the issue. I'm not sure whether to be frustrated about two spaces or relieved my syntax was right. It is all working beautifully now, thank you.

Cool just to be clear that is yaml... not elastic... yaml is super pickey.

You can always test your config see here

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.