Hello everyone,
I am using one ELK stack into only one Centos server.
I tried to follow this tutorial :
security-minimal-setup
So i added this
xpack.security.enabled: true
discovery.type: single-node
into the Elasticsearch.yml
and this
elasticsearch.username: "kibana_system"
into the kibana.yml
It works well into the kibana, i can log in with now one user "elastic"
But it's going wrong with filebeat on my client server which can no more send logs to Elasticsearch.
Does i have to add something into the filebeat configuration ?
setup.kibana:
host: "10.1.24.194:5601"
output.elasticsearch:
hosts: ["10.1.24.194:9200"]
protocol: "https"
Many thanks !
warkolm
(Mark Walkom)
November 24, 2021, 8:54pm
2
Yes, you will need to add a username and password. Check out the Basic authentication section here - Configure the Elasticsearch output | Filebeat Reference [8.11] | Elastic
Thanks for the help, i tried to follow the doc
Here's the configuration on the filebeat client
output.elasticsearch:
hosts: ["10.1.24.194:9200"]
protocol: "https"
username: "filebeat_writer"
password: "Fil3b3ower"
setup.ilm.check_exists: false
I did this after
privileges-to-publish-events
with an new role and one new user linked to this role "filebeat_writer"
It still not working after
systemctl restart elasticsearch && systemctl restart kibana
I got this error on the filebeat client log:
eslegclient/connection.go:253 Ping request failed with: Get "https://10.1.24.194:9200 ": dial tcp 10.1.24.194:9200: connectex: Aucune connexion n’a pu être établie car l’ordinateur cible l’a expressément refusée.
warkolm
(Mark Walkom)
November 25, 2021, 10:59pm
4
That suggests that there's something blocking Filebeat.
if i don't use
xpack.security.enabled: true
nothing block and it works very well for filebeat, any idea ?
Hello everyone, if any ideas, help, you are very welcome
system
(system)
Closed
January 3, 2022, 7:39am
7
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.