What username/password should I use for logstash?

I have a question about https://www.elastic.co/guide/en/x-pack/current/security-getting-started.html. Is that applicable to Elastic Cloud as well? E.g. how do I set the password of the logstash_system user? Or should I create a new user through Kibana for use by logstash? Should that be the same user for monitoring vs uploading data? If I need to create any users, what roles do they need to have (for each of those two use-cases)?

Hi @mrubin,

X-Pack security is enabled on all Elasticsearch clusters hosted on Elastic Cloud, you do not need to configure or enable it.
When you create a new cluster you will see an auto generated password for the default elastic user (you can also reset that password from the Elastic Cloud interface under the Cluster >> Security model). You can then use this set of credentials to login to kibana or use the REST api to create additional users, for your logstash instance for example, set the relevant permissions, etc.

For future questions about Elastic Cloud please follow instructions in the following link Now Live! New Elastic Cloud Standard Support!.

This channel is meant for Elastic Cloud Enterprise, which is a different product.

Thanks!

Thanks @zanbel! FYI I get a "Sorry, you don't have access to that topic!" when I visit the above link (for the Now Live topic).

Could you please point me to the page that you think has the clearest instructions for creating a logstash user via the REST api? Could you also tell me what the built-in logstash_system user/role (?) is? Am I suppose to use this?

@mrubin you should have access to view that topic. You should reach out to support@elastic.co to get it sorted so you can verify your a support contact in your Elastic Cloud account.

The default logstash_system role is already configured and you can then use X-Pack security REST api to create a user and assign it with the relevant role.

Please use this link for Elastic Cloud support https://www.elastic.co/cloud/as-a-service/support

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.