Filebeat output to secured HA Elasticsearch

Hello there,

I have successfully deployed an HA Elasticsearch cluster which is has xpack security features enabled. My problem is that I do not really know how to configure filebeat elasticsearch.output, so it can do petitions to the different hosts of the Elasticsearch clusters. Specifically what worries me is the following:
I know I can use the following configuration in the beat:

     output.elasticsearch:
        hosts: ["https://es1:9200","https://es2:9200","https://es3:9200"]
        protocol: "https"
        username: "xxx"
        password: "xxx"
        ssl.certificate_authorities: ["/etc/metricbeat/certs/ca.crt"]
        ssl.certificate: "/etc/metricbeat/certs/{{ es_node_name }}.crt"
        ssl.key: "/etc/metricbeat/certs/{{ es_node_name }}.key"

Each Elasticsearch node has its own certificate, if I declare three hosts "es1", "es2", and "es3", then the beat is going to need three different certificates to call each API of each node. But apparently, I can only specify only one certificate and one key. What can I do if I want the beats to call the three APIs and "balance" the petitions without using a reverse proxy?

Kind regards,

Does this blog post help? Configuring SSL, TLS, and HTTPS to secure Elasticsearch, Kibana, Beats, and Logstash | Elastic Blog

Shaunak

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.