- Functionbeat Reference:
- Functionbeat overview
- Quick start: installation and configuration
- Set up and deploy
- Configure
- AWS functions
- General settings
- Output
- Kerberos
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Processors
- Define processors
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- append
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- rate_limit
- registered_domain
- rename
- replace
- syslog
- translate_sid
- truncate_fields
- urldecode
- Internal queue
- Logging
- Regular expression support
- Instrumentation
- functionbeat.reference.yml
- How to guides
- Exported fields
- Monitor
- Secure
- Troubleshoot
- Get help
- Debug
- Understand logged metrics
- Common problems
- Deployment to AWS fails with "failed to create the stack"
- Deployment to AWS fails with "resource limit exceeded"
- Error loading config file
- Found unexpected or unknown characters
- Logstash connection doesn’t work
- Publishing to Logstash fails with "connection reset by peer" message
- @metadata is missing in Logstash
- Not sure whether to use Logstash or Beats
- SSL client fails to connect to Logstash
- Monitoring UI shows fewer Beats than expected
- High RSS memory usage due to MADV settings
Grant privileges and roles needed for monitoring
editGrant privileges and roles needed for monitoring
editElasticsearch security features provides built-in users and roles for monitoring. The privileges and roles needed depend on the method used to collect monitoring data.
Important note for Elastic Cloud users
Built-in users are not available when running our hosted Elasticsearch Service on Elastic Cloud. To send monitoring data securely, create a monitoring user and grant it the roles described in the following sections.
-
If you’re using internal collection to collect metrics about Functionbeat, Elasticsearch security features provides the
beats_system
built-in user andbeats_system
built-in role to send monitoring information. You can use the built-in user, if it’s available in your environment, or create a user who has the privileges needed to send monitoring information.If you use the
beats_system
user, make sure you set the password.If you don’t use the
beats_system
user:-
Create a monitoring role, called something like
functionbeat_monitoring
, that has the following privileges:Type Privilege Purpose Cluster
monitor
Retrieve cluster details (e.g. version)
Index
create_index
on.monitoring-beats-*
indicesCreate monitoring indices in Elasticsearch
Index
create_doc
on.monitoring-beats-*
indicesWrite monitoring events into Elasticsearch
-
Assign the monitoring role, along with the following built-in roles, to users who need to monitor Functionbeat:
Role Purpose kibana_admin
Use Kibana
monitoring_user
Use Stack Monitoring in Kibana to monitor Functionbeat
-
ElasticON events are back!
Learn about the Elastic Search AI Platform from the experts at our live events.
Register now