Logstashedit
Multiple instances of Logstash can be deployed in addition to Elasticsearch, providing a pipeline for ingesting data into Elasticsearch. The version of Logstash deployed is always the same as the version of Elasticsearch, ensuring compatibility between products.
The following parameters can be used to deploy Logstash, and control additional configuration
-
logstash
-
Whether to deploy Logstash in addition to Elasticsearch. A value of
Yes
will also deploy Logstash, whilstNo
will not. Defaults toNo
. -
vmSizeLogstash
-
The Azure VM SKU to use for Logstash. Different VM SKUs have different CPU, RAM,
temporary storage space and network bandwidth. The Logstash VM always uses standard storage for the OS disk. The default value is
Standard_DS1_v2
. -
vmLogstashCount
-
The number of Logstash VMs to deploy. Defaults to
1
. -
vmLogstashAcceleratedNetworking
-
Whether to enable accelerated networking for Logstash,
which enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its
networking performance. Valid values are
Default
,Yes
,No
. The default isDefault
, which enables accelerated networking for the VM SKUs known to support it. -
logstashHeapSize
- The amount of memory, in megabytes, to allocate to Logstash for the JVM heap. Default will allocate whatever the default is within jvm.options for the version of Logstash deployed.
-
logstashConf
-
A Base-64 encoded string form of Logstash configuration file with which to start Logstash. A number of parameters are configured that can be referenced from the configuration file
${ELASTICSEARCH_URL}
the Elasticsearch endpoint
${LOGSTASH_SYSTEM_PASSWORD}
password of the built-in
logstash_system
user${ELASTICSEARCH_CACERT}
the path to the CA cert used to secure the Elasticsearch HTTP layer. Only set when Transport Layer Security is configured for the Elasticsearch HTTP layer
TLS with Logstash monitoring
When Transport Layer Security is configured for the Elasticsearch HTTP layer, Logstash is configured to perform verification against the certificate presented, using the CA certificate used to secure the Elasticsearch HTTP layer.
Logstash communicates with Elasticsearch through the IP address of the internal load balancer, which means
that a certificate provided with esHttpCertBlob
is unlikely to pass hostname
verification. For this reason, xpack.monitoring.elasticsearch.ssl.verification_mode
is set to none
.
When a CA certificate is provided with esHttpCaCertBlob
, the generated certificates used to
secure the Elasticsearch HTTP layer include the internal load balancer IP address, meaning
monitoring can be enabled for all versions where Transport Layer Security is configured
for the Elasticsearch HTTP layer.
-
logstashKeystorePassword
-
Security password for Logstash keystore.
If no value is supplied, a password will be generated using the ARM template
uniqueString()
function. -
logstashAdditionalPlugins
-
Additional Logstash plugins to install. Each plugin must be separated by a semicolon. For example
logstash-input-azure_event_hubs;logstash-input-http_poller
-
logstashAdditionalYaml
-
Additional configuration that will be applied to the logstash.yml configuration file before start up. Each line must be separated by a
\n
newline character, for example"pipeline.batch.size: 125\npipeline.batch.delay: 50"
It is recommended that you run your additional yaml through a linter before starting a deployment, as incorrectly formatted yaml will fail the deployment.
Logstash only accessible within the Virtual Network and communicates with Elasticsearch through the internal load balancer