Logstash Centralized management pipeline

esijati · January 20, 2021, 6:42pm

Hi,
I am trying to enable the logstash centralized pipeline management with X-Pack security enabled, but with limited documentation from ELK I am unable to proceed further on how it will look at Kibana side.

Regards
JS

leandrojmp · January 20, 2021, 8:38pm

Did you follow the instructions in the documentation?

What is not working?

Also, what is your license? You need at least the paid Gold license.

esijati · January 20, 2021, 9:29pm

Hi,
I am using Enterprise License. I followed this documentation and running the logstash as below.

logstash.yml : x-pack enabled with SSL and
abc.conf: with beat inputs and Elasticsearch as output.
added the abc.conf entry in pipelines.yml
running the logstash as "logstash -f abc.conf
created the pipeline (abc.conf) in "Centralized Logstash Management" section of Stack Management in Kibana.
Made the changes in abc.conf, re-running the pipeline, expecting the changes to reflect in "Centralized Logstash Management"

leandrojmp · January 20, 2021, 10:02pm

This is not what the documentation is saying.

When using the Centralized Logstash Management you do not use the pipelines.yml anymore, nor you start logstash using the -f parameter, you start logstash and all the pipelines will be synced from your elasticsearch.

I would recommend that you follow these steps on how to configure the Centralized Management Pipeline in logstash.

esijati · January 20, 2021, 10:08pm

Ok, So I need to create the separate .conf for each logstash and then list in the "xpack.management.pipeline.id".
I think I am all done with the configuration.
Would be great if you can share the recommended way to run the logstash .
Thankyou

leandrojmp · January 20, 2021, 10:17pm

You do not create configuration files anymore, you will create them through the Kibana interface according to these steps

If you want a pipeline named abc, you will need this line in the logstash.yml file in each one of the logstash instances that you want to run this pipeline:

xpack.management.pipeline.id: ["abc"]

Then you will create in Kibana a pipeline with the ID abc, when your logstash instance starts, it will sync the pipeline configuration.

I don't know what system you are using, but I would recommend that you run logstash as a service, if you are on linux you can use systemd and follow this documentation, if you are on windows you can use nssm and follow this documentation

esijati · January 20, 2021, 10:26pm

Thanks Leandro much appreciated !

warkolm · January 21, 2021, 12:09am

Welcome to our community!

Please do speak to your Support engineer then, they will be able to help

system · February 18, 2021, 12:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't set Centralized pipeline management Elasticsearch	2	675	May 7, 2018
Centralized pipeline management - pipeline terminating Logstash	2	2247	February 23, 2018
How to configure Management and Monitoring？ Logstash	5	409	November 15, 2018
Unable to get Logstash Centralised Management working Logstash fleet	1	316	September 29, 2020
Central pipeline management - beats strategy Logstash	1	310	March 18, 2021

Logstash Centralized management pipeline

Related Topics