Metricbeat and Elastic Security

Hello,

So I have setup Elasticsearch security. Usual logging works fine using a logstash_internal user using the appropriate role recommended by the docs.

I'm having a hard time however finding out how to configure Metricbeat...

This page says that several roles need to exist, like for "setup" but don't exactly tell where they are used / should be configured.

What I'm getting at startup:

metricbeat[27436]: 2022-02-08T17:06:40.845+0100#011ERROR#011[publisher_pipeline_output]#011pipeline/output.go:154#011Failed to connect to backoff(elasticsearch(http://localhost:9200)): Connection marked as failed because the onConnect callback failed: error loading template: failure while checking if template exists: 403 Forbidden:

output.elasticsearch is using the metricbeat_writer user as described here and here.

However here it says to use remote_monitoring_user.

So which is true?

Which user do I use in metricbeat.yml for output.Elasticsearch?

Which user do I use in modules.d/Elasticsearch-xpack.yml for monitoring Elasticsearch?

Thx,
Marki

# metricbeat modules list
Enabled:
elasticsearch-xpack
kibana-xpack
logstash-xpack
system
#metricbeat.yml
metricbeat.config.modules:
  path: ${path.config}/modules.d/*.yml

  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 1
  index.codec: best_compression

setup.kibana:

  username: "metricbeat_kib_setup"
  password: "password"

output.elasticsearch:
  hosts: ["localhost:9200"]

  username: "metricbeat_internal"
  password: "password"

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

path.logs: /var/log/metricbeat

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.