Hi,
I want to make more secure sending monitoring data from filebeat to ES. Earlier it was secured just by login/password which were sent by HTTP that was detected by our internal IDS. So I implemented NGINX on port 9201 and made such a config, section is below:
#============================== Xpack Monitoring ===============================
# filebeat can export internal metrics to a central Elasticsearch monitoring
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
# reporting is disabled by default.
# Set to true to enable the monitoring reporter.
monitoring.enabled: true
# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
# Filebeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
#monitoring.cluster_uuid:
monitoring.elasticsearch:
cluster_uuid: j-xxxxxxxxxxxxxxxxxxxx
hosts: ["https://test.test.local:9201"]
username: beats_system
password: xxxxxxxxxxxxxxxxxxxxx
# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch output are accepted here as well.
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration, so if you have the Elasticsearch output configured such
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
# uncomment the following line.
#monitoring.elasticsearch:
The problem is that filebeat starts and works but nothing is sent to ES. I haven't found any errors in filebeat and ES logs. Maybe something wrong with my config?