Configure Heartbeat to use X-Pack security
editConfigure Heartbeat to use X-Pack security
editIf you want Heartbeat to connect to a cluster that has X-Pack security enabled, there are extra configuration steps:
-
Configure authentication credentials.
To send data to a secured cluster through the
elasticsearch
output, Heartbeat needs to authenticate as a user who can manage index templates, monitor the cluster, create indices, and read and write to the indices it creates. -
Grant users access to Heartbeat indices.
To search the indexed Heartbeat data and visualize it in Kibana, users need access to the indices Heartbeat creates.
-
Configure Heartbeat to use encrypted connections.
If encryption is enabled on the cluster, you need to enable HTTPS in the Heartbeat configuration.
-
Set the password for the
beats_system
built-in user.Heartbeat uses the
beats_system
user to send monitoring data to Elasticsearch. If you plan to monitor Heartbeat in Kibana and have not yet set up the password, set it up now.
For more information about X-Pack security, see Securing the Elastic Stack.
Heartbeat features that require authorization
editAfter securing Heartbeat, make sure your users have the roles (or associated
privileges) required to use these Heartbeat features. You must create the
heartbeat_writer
and
heartbeat_reader
roles (see Configure authentication credentials and
Grant users access to Heartbeat indices).
The machine_learning_admin
and kibana_user
roles are built-in.
Feature | Role |
---|---|
Send data to a secured cluster |
|
Load index templates |
|
Load Heartbeat dashboards into Kibana |
|
Load machine learning jobs |
|
Read indices created by Heartbeat |
|
View Heartbeat dashboards in Kibana |
|