Step 2: Configure Functionbeat
editStep 2: Configure Functionbeat
editBefore deploying Functionbeat to your serverless environment, you need to specify details about the functions that you want to deploy, including the function name, type, and triggers that will cause the function to execute. You also need to specify connection details for your Elasticsearch cluster.
You specify settings in the functionbeat.yml
configuration file. This file
is located in the archive that you extracted earlier.
See the Config File Format section of the Beats Platform Reference for more about the structure of the config file.
The following example configures a function called cloudwatch
that collects
events from CloudWatch Logs and forwards the events to Elasticsearch.
functionbeat.provider.aws.deploy_bucket: "functionbeat-deploy" functionbeat.provider.aws.functions: - name: cloudwatch enabled: true type: cloudwatch_logs description: "lambda function for cloudwatch logs" triggers: - log_group_name: /aws/lambda/my-lambda-function cloud.id: "MyESDeployment:SomeLongString==" cloud.auth: "elastic:SomeLongString"
To configure Functionbeat:
-
Specify a unique name for the S3 bucket to which the functions will be uploaded. For example:
functionbeat.provider.aws.deploy_bucket: "functionbeat-deploy"
-
Define the functions that you want to deploy. For each function, you must specify:
name
A unique name for the Lambda function.
type
The type of service to monitor. For this release, the supported types are:
-
cloudwatch_logs
to collect data from CloudWatch logs -
sqs
to collect messages from Amazon Simple Queue Service (SQS)
triggers
The triggers that will cause the function to execute. If
type
iscloudwatch_logs
logs, specify a list of log groups. Iftype
issqs
, specify a list of Amazon Resource Names (ARNs).When a message is sent to the specified log group or queue, the Lambda function executes and sends message events to the output configured for Functionbeat.
The following example configures a function called
sqs
that collects data from Amazon SQS:- name: sqs enabled: true type: sqs triggers: - event_source_arn: arn:aws:sqs:us-east-1:123456789012:myevents
-
-
Configure the Elasticsearch output by setting the location of the Elasticsearch installation:
-
If you’re running our hosted Elasticsearch Service on Elastic Cloud, specify your Cloud ID. For example:
cloud.id: "staging:dXMtZWFzdC0xLmF3cy5mb3VuZC5pbyRjZWM2ZjI2MWE3NGJmMjRjZTMzYmI4ODExYjg0Mjk0ZiRjNmMyY2E2ZDA0MjI0OWFmMGNjN2Q3YTllOTYyNTc0Mw=="
-
If you’re running Elasticsearch on your own hardware, set the host and port where Functionbeat can find the Elasticsearch installation. For example:
output.elasticsearch: hosts: ["myEShost:9200"]
Elasticsearch is currently the only output supported by Functionbeat.
-
-
If Elasticsearch and Kibana are secured, set credentials in the
functionbeat.yml
config file before you run the commands that set up and start Functionbeat.-
If you’re running our hosted Elasticsearch Service on Elastic Cloud, specify your cloud auth credentials. For example:
cloud.auth: "elastic:YOUR_PASSWORD"
-
If you’re running Elasticsearch on your own hardware, specify your Elasticsearch and Kibana credentials:
output.elasticsearch: hosts: ["myEShost:9200"] username: "filebeat_internal" password: "YOUR_PASSWORD" setup.kibana: host: "mykibanahost:5601" username: "my_kibana_user" password: "YOUR_PASSWORD"
This examples shows a hard-coded password, but you should store sensitive values in the secrets keystore.
The
username
andpassword
settings for Kibana are optional. If you don’t specify credentials for Kibana, Functionbeat uses theusername
andpassword
specified for the Elasticsearch output.To use the pre-built Kibana dashboards, this user must have the
kibana_user
built-in role or equivalent privileges.For more information, see Securing Functionbeat.
-
To test your configuration file, change to the directory where the
Functionbeat binary is installed, and run Functionbeat in the foreground with
the following options specified: ./functionbeat test config -e
. Make sure your
config files are in the path expected by Functionbeat (see Directory layout),
or use the -c
flag to specify the path to the config file.
Before starting Functionbeat, you should look at the configuration options in the configuration file. For more information about these options, see Configuring Functionbeat.