This functionality is experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support SLA of official GA features.
NOTE: This You are looking at documentation for an older release. For the latest information, see the current release documentation.
Configure authentication credentials
editConfigure authentication credentials
editWhen sending data to a secured cluster through the elasticsearch
output, Journalbeat must either provide basic authentication credentials
or present a client certificate.
To configure authentication credentials for Journalbeat:
-
Create a writer role that has the following privileges:
-
Cluster:
manage_index_templates
andmonitor
-
Index:
write
andcreate_index
on the Journalbeat indices
You can create roles from the Management / Roles UI in Kibana or through the
role
API. For example, the following request creates a role namedjournalbeat_writer
: -
Cluster:
-
If you plan to use index lifecycle management, create a role that has the following privileges. These privileges are required to load index lifecycle policies and create and manage rollover indices:
-
Cluster:
manage_ilm
-
Index:
write
,create_index
,manage
, andmanage_ilm
on the Journalbeat indicesPOST _xpack/security/role/journalbeat_ilm { "cluster": ["manage_ilm"], "indices": [ { "names": [ "journalbeat-*","shrink-journalbeat-*"], "privileges": ["write","create_index","manage","manage_ilm"] } ] }
-
Cluster:
-
Assign the writer role to the user that Journalbeat will use to connect to Elasticsearch. Make sure you also assign any roles that are required for specific features. For the list of features and required roles, see Journalbeat features that require authorization.
-
To authenticate as a native user, create a user for Journalbeat to use internally and assign it the writer role, plus any other roles that are needed.
You can create users from the Management / Users UI in Kibana or through the
user
API. For example, following request creates a user namedjournalbeat_internal
that has thejournalbeat_writer
andkibana_user
roles:POST /_xpack/security/user/journalbeat_internal { "password" : "YOUR_PASSWORD", "roles" : [ "journalbeat_writer","kibana_user"], "full_name" : "Internal Journalbeat User" }
-
To use PKI authentication, assign the writer role, plus any other roles that are needed, in the
role_mapping.yml
configuration file. Specify the user by the distinguished name that appears in its certificate:journalbeat_writer: - "cn=Internal Journalbeat User,ou=example,o=com" kibana_user: - "cn=Internal Journalbeat User,ou=example,o=com"
For more information, see Using Role Mapping Files.
-
-
In the Journalbeat configuration file, specify authentication credentials for the
elasticsearch
output:-
To use basic authentication, configure the
username
andpassword
settings. For example, the following Journalbeat output configuration uses the nativejournalbeat_internal
user to connect to Elasticsearch:output.elasticsearch: hosts: ["localhost:9200"] username: "journalbeat_internal" password: "YOUR_PASSWORD"
You created this user earlier.
The example shows a hard-coded password, but you should store sensitive values in the secrets keystore.
-
To use PKI authentication, configure the
certificate
andkey
settings:
-