Hello,
So I have setup Elasticsearch security. Usual logging works fine using a logstash_internal user using the appropriate role recommended by the docs.
I'm having a hard time however finding out how to configure Metricbeat...
This page says that several roles need to exist, like for "setup" but don't exactly tell where they are used / should be configured.
What I'm getting at startup:
metricbeat[27436]: 2022-02-08T17:06:40.845+0100#011ERROR#011[publisher_pipeline_output]#011pipeline/output.go:154#011Failed to connect to backoff(elasticsearch(http://localhost:9200)): Connection marked as failed because the onConnect callback failed: error loading template: failure while checking if template exists: 403 Forbidden:
output.elasticsearch
is using the metricbeat_writer user as described here and here.
However here it says to use remote_monitoring_user.
So which is true?
Which user do I use in metricbeat.yml for output.Elasticsearch?
Which user do I use in modules.d/Elasticsearch-xpack.yml for monitoring Elasticsearch?
Thx,
Marki
# metricbeat modules list
Enabled:
elasticsearch-xpack
kibana-xpack
logstash-xpack
system
#metricbeat.yml
metricbeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 1
index.codec: best_compression
setup.kibana:
username: "metricbeat_kib_setup"
password: "password"
output.elasticsearch:
hosts: ["localhost:9200"]
username: "metricbeat_internal"
password: "password"
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
path.logs: /var/log/metricbeat