Add user information in Logstash

edit

In order for Logstash to send data successfully to Elasticsearch, you must configure its authentication credentials in the Logstash configuration file.

  1. Configure Logstash to use the logstash_internal user and the password that you created:

    • If you don’t mind having passwords visible in your configuration file, add the following user and password settings in the demo-metrics-pipeline.conf file in your Logstash directory:

      ...
      
      output {
        elasticsearch {
          hosts => "localhost:9200"
          manage_template => false
          index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
          user => "logstash_internal" 
          password => "your_password" 
        }
      }

      Specify the logstash_internal user that you created earlier in this tutorial.

      Specify the password that you chose for this user ID.

    • If you prefer not to put your user ID and password in the configuration file, store them in a keystore instead.

      Run the following commands to create the Logstash keystore and add the secure settings:

      set +o history
      export LOGSTASH_KEYSTORE_PASS=mypassword 
      set -o history
      ./bin/logstash-keystore create
      ./bin/logstash-keystore add ES_USER
      ./bin/logstash-keystore add ES_PWD

      You can optionally protect access to the Logstash keystore by storing a password in an environment variable called LOGSTASH_KEYSTORE_PASS. For more information, see Keystore password.

      When prompted, specify the logstash_internal user and its password for the ES_USER and ES_PWD values.

      The Logstash keystore differs from the Kibana keystore. Whereas the Kibana keystore enables you to store kibana.yml settings by name, the Logstash keystore enables you to create arbitrary names that you can reference in the Logstash configuration. To learn more, see Secrets keystore for secure settings.

      You can now use these ES_USER and ES_PWD keys in your configuration file. For example, add the user and password settings in the demo-metrics-pipeline.conf file as follows:

      ...
      
      output {
        elasticsearch {
          hosts => "localhost:9200"
          manage_template => false
          index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
          user => "${ES_USER}"
          password => "${ES_PWD}"
        }
      }
  2. Start Logstash by using the appropriate method for your environment.

    For example, to run Logstash from a command line, go to the Logstash directory and enter the following command:

    ./bin/logstash -f demo-metrics-pipeline.conf

    To start Logstash as a service, see Running Logstash as a service on Debian or RPM.

  3. If you were connecting directly from Metricbeat to Elasticsearch, you would need to configure authentication credentials for the Elasticsearch output in the Metricbeat configuration file. In Getting started with the Elastic Stack, however, you configured Metricbeat to send the data to Logstash for additional parsing, so no extra settings are required in Metricbeat. For more information, see Securing Metricbeat.
  4. Start Metricbeat by using the appropriate method for your environment.

    For example, on macOS, run the following command from the Metricbeat directory:

    ./metricbeat -e

    For more methods, see Starting Metricbeat.

Wait a few minutes for new data to be sent from Metricbeat to Logstash and Elasticsearch.