- Metricbeat Reference: other versions:
- Overview
- Get started
- Set up and run
- Upgrade Metricbeat
- How Metricbeat works
- Configure
- Modules
- General settings
- Project paths
- Config file loading
- Output
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Kibana endpoint
- Kibana dashboards
- Processors
- Define processors
- add_cloud_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_json_fields
- decompress_gzip_field
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- registered_domain
- rename
- script
- truncate_fields
- Autodiscover
- Internal queue
- Logging
- HTTP endpoint
- Regular expression support
- metricbeat.reference.yml
- How to guides
- Beats central management
- Modules
- activemq module
- Aerospike module
- Apache module
- App Search module
- aws module
- azure module
- Beat module
- Ceph module
- CockroachDB module
- consul module
- coredns module
- Couchbase module
- couchdb module
- Docker module
- Dropwizard module
- Elasticsearch module
- Elasticsearch ccr metricset
- Elasticsearch cluster_stats metricset
- Elasticsearch enrich metricset
- Elasticsearch index metricset
- Elasticsearch index_recovery metricset
- Elasticsearch index_summary metricset
- Elasticsearch ml_job metricset
- Elasticsearch node metricset
- Elasticsearch node_stats metricset
- Elasticsearch pending_tasks metricset
- Elasticsearch shard metricset
- envoyproxy module
- Etcd module
- Golang module
- Google Cloud Platform module
- Graphite module
- HAProxy module
- HTTP module
- Jolokia module
- Kafka module
- Kibana module
- Kubernetes module
- Kubernetes apiserver metricset
- Kubernetes container metricset
- Kubernetes controllermanager metricset
- Kubernetes event metricset
- Kubernetes node metricset
- Kubernetes pod metricset
- Kubernetes proxy metricset
- Kubernetes scheduler metricset
- Kubernetes state_container metricset
- Kubernetes state_cronjob metricset
- Kubernetes state_deployment metricset
- Kubernetes state_node metricset
- Kubernetes state_persistentvolumeclaim metricset
- Kubernetes state_pod metricset
- Kubernetes state_replicaset metricset
- Kubernetes state_resourcequota metricset
- Kubernetes state_service metricset
- Kubernetes state_statefulset metricset
- Kubernetes system metricset
- Kubernetes volume metricset
- kvm module
- Logstash module
- Memcached module
- MongoDB module
- MSSQL module
- Munin module
- MySQL module
- Nats module
- Nginx module
- Oracle module
- PHP_FPM module
- PostgreSQL module
- Prometheus module
- RabbitMQ module
- Redis module
- sql module
- Stan module
- Statsd module
- System module
- System core metricset
- System cpu metricset
- System diskio metricset
- System entropy metricset
- System filesystem metricset
- System fsstat metricset
- System load metricset
- System memory metricset
- System network metricset
- System network_summary metricset
- System process metricset
- System process_summary metricset
- System raid metricset
- System service metricset
- System socket metricset
- System socket_summary metricset
- System uptime metricset
- Tomcat module
- traefik module
- uwsgi module
- vSphere module
- Windows module
- ZooKeeper module
- Exported fields
- activemq fields
- Aerospike fields
- Apache fields
- App Search fields
- aws fields
- azure fields
- Beat fields
- Beat fields
- Ceph fields
- Cloud provider metadata fields
- CockroachDB fields
- Common fields
- consul fields
- coredns fields
- Couchbase fields
- couchdb fields
- Docker fields
- Docker fields
- Dropwizard fields
- ECS fields
- Elasticsearch fields
- envoyproxy fields
- Etcd fields
- Golang fields
- Google Cloud Platform fields
- Graphite fields
- HAProxy fields
- Host fields
- HTTP fields
- Jolokia fields
- Jolokia Discovery autodiscover provider fields
- Kafka fields
- Kibana fields
- Kubernetes fields
- Kubernetes fields
- kvm fields
- Logstash fields
- Memcached fields
- MongoDB fields
- MSSQL fields
- Munin fields
- MySQL fields
- Nats fields
- Nginx fields
- Oracle fields
- PHP_FPM fields
- PostgreSQL fields
- Process fields
- Prometheus fields
- RabbitMQ fields
- Redis fields
- sql fields
- Stan fields
- Statsd fields
- System fields
- Tomcat fields
- traefik fields
- uwsgi fields
- vSphere fields
- Windows fields
- ZooKeeper fields
- Monitor
- Secure
- Troubleshoot
- Get help
- Debug
- Common problems
- "open /compat/linux/proc: no such file or directory" error on FreeBSD
- Metricbeat collects system metrics for interfaces you didn’t configure
- Metricbeat uses too much bandwidth
- Error loading config file
- Found unexpected or unknown characters
- Logstash connection doesn’t work
- @metadata is missing in Logstash
- Not sure whether to use Logstash or Beats
- SSL client fails to connect to Logstash
- Monitoring UI shows fewer Beats than expected
- Contribute to Beats
Secure communication with Elasticsearch
editSecure communication with Elasticsearch
editTo secure the communication between Metricbeat and Elasticsearch, you can use HTTPS and basic authentication. Basic authentication for Elasticsearch is available when you enable X-Pack security (see Secure a cluster and Use security features). If you aren’t using X-Pack security, you can use a web proxy instead.
Here is a sample configuration:
output.elasticsearch: username: metricbeat password: verysecret protocol: https hosts: ["elasticsearch.example.com:9200"]
|
The username to use for authenticating to Elasticsearch. |
|
|
The password to use for authenticating to Elasticsearch. |
|
|
This setting enables the HTTPS protocol. |
|
|
The IP and port of the Elasticsearch nodes. |
To obfuscate passwords and other sensitive settings, use the secrets keystore.
Metricbeat verifies the validity of the server certificates and only accepts trusted certificates. Creating a correct SSL/TLS infrastructure is outside the scope of this document.
By default Metricbeat uses the list of trusted certificate authorities from the operating system where Metricbeat is running. You can configure Metricbeat to use a specific list of CA certificates instead of the list from the OS. You can also configure it to use client authentication by specifying the certificate and key to use when the server requires the Metricbeat to authenticate. Here is an example configuration:
output.elasticsearch: username: metricbeat password: verysecret protocol: https hosts: ["elasticsearch.example.com:9200"] ssl.certificate_authorities: - /etc/pki/my_root_ca.pem - /etc/pki/my_other_ca.pem ssl.certificate: "/etc/pki/client.pem" ssl.key: "/etc/pki/key.pem"
|
The list of CA certificates to trust |
|
|
The path to the certificate for SSL client authentication |
|
|
The client certificate key |
For any given connection, the SSL/TLS certificates must have a subject
that matches the value specified for hosts, or the SSL handshake fails.
For example, if you specify hosts: ["foobar:9200"], the certificate MUST
include foobar in the subject (CN=foobar) or as a subject alternative name
(SAN). Make sure the hostname resolves to the correct IP address. If no DNS is available, then
you can associate the IP address with your hostname in /etc/hosts
(on Unix) or C:\Windows\System32\drivers\etc\hosts (on Windows).