Filebeat with minimal security on ELK

Hello everyone,

I am using one ELK stack into only one Centos server.
I tried to follow this tutorial :

So i added this true
discovery.type: single-node

into the Elasticsearch.yml

and this
elasticsearch.username: "kibana_system"
into the kibana.yml

It works well into the kibana, i can log in with now one user "elastic"

But it's going wrong with filebeat on my client server which can no more send logs to Elasticsearch.
Does i have to add something into the filebeat configuration ?

  host: ""

  hosts: [""]
  protocol: "https"

Many thanks !

Yes, you will need to add a username and password. Check out the Basic authentication section here - Configure the Elasticsearch output | Filebeat Reference [7.15] | Elastic

Thanks for the help, i tried to follow the doc

Here's the configuration on the filebeat client

  hosts: [""]
  protocol: "https"
  username: "filebeat_writer"
  password: "Fil3b3ower"
  setup.ilm.check_exists: false

I did this after
with an new role and one new user linked to this role "filebeat_writer"

It still not working after
systemctl restart Elasticsearch && systemctl restart kibana

I got this error on the filebeat client log:

eslegclient/connection.go:253 Ping request failed with: Get "": dial tcp connectex: Aucune connexion n’a pu être établie car l’ordinateur cible l’a expressément refusée.

That suggests that there's something blocking Filebeat.

if i don't use true

nothing block and it works very well for filebeat, any idea ?

Hello everyone, if any ideas, help, you are very welcome :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.