beats
editbeats
edit- Version: 3.1.12
- Released on: November 30, 2016
- Changelog
Getting Help
editFor questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in Github. For the list of Elastic supported plugins, please consult the Elastic Support Matrix.
Description
editThis input plugin enables Logstash to receive events from the Elastic Beats framework.
The following example shows how to configure Logstash to listen on port 5044 for incoming Beats connections and to index into Elasticsearch:
input { beats { port => 5044 } } output { elasticsearch { hosts => "localhost:9200" manage_template => false index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" document_type => "%{[@metadata][type]}" } }
The Beats shipper automatically sets the type
field on the event.
You cannot override this setting in the Logstash config. If you specify
a setting for the type
config option in
Logstash, it is ignored.
This monkey patch add callback based flow to the codec until its shipped with core. This give greater flexibility to the implementation by sending more data to the actual block.
Synopsis
editThis plugin supports the following configuration options:
Required configuration options:
beats { port => ... }
Available configuration options:
Setting | Input type | Required |
---|---|---|
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
Yes |
||
No |
||
a valid filesystem path |
No |
|
No |
||
No |
||
a valid filesystem path |
No |
|
No |
||
string, one of |
No |
|
No |
||
No |
||
No |
||
No |
Details
edit
cipher_suites
edit- Value type is array
-
Default value is
java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@73ae0026
The list of ciphers suite to use, listed by priorities.
client_inactivity_timeout
edit- Value type is number
-
Default value is
60
Close Idle clients after X seconds of inactivity.
codec
edit- Value type is codec
-
Default value is
"plain"
The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.
congestion_threshold
(DEPRECATED)
edit- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is number
-
Default value is
5
The number of seconds before we raise a timeout. This option is useful to control how much time to wait if something is blocking the pipeline.
enable_metric
edit- Value type is boolean
-
Default value is
true
Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.
id
edit- Value type is string
- There is no default value for this setting.
Add a unique ID
to the plugin configuration. If no ID is specified, Logstash will generate one.
It is strongly recommended to set this ID in your configuration. This is particularly useful
when you have two or more plugins of the same type, for example, if you have 2 grok filters.
Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.
output { stdout { id => "my_plugin_id" } }
port
edit- This is a required setting.
- Value type is number
- There is no default value for this setting.
The port to listen on.
ssl
edit- Value type is boolean
-
Default value is
false
Events are by default sent in plain text. You can
enable encryption by setting ssl
to true and configuring
the ssl_certificate
and ssl_key
options.
ssl_certificate
edit- Value type is path
- There is no default value for this setting.
SSL certificate to use.
ssl_certificate_authorities
edit- Value type is array
-
Default value is
[]
Validate client certificates against these authorities.
You can define multiple files or paths. All the certificates will
be read and added to the trust store. You need to configure the ssl_verify_mode
to peer
or force_peer
to enable the verification.
ssl_handshake_timeout
edit- Value type is number
-
Default value is
10000
Time in milliseconds for an incomplete ssl handshake to timeout
ssl_key
edit- Value type is path
- There is no default value for this setting.
SSL key to use. NOTE: This key need to be in the PKCS8 format, you can convert it with OpenSSL for more information.
ssl_key_passphrase
edit- Value type is password
- There is no default value for this setting.
SSL key passphrase to use.
ssl_verify_mode
edit-
Value can be any of:
none
,peer
,force_peer
-
Default value is
"none"
By default the server doesn’t do any client verification.
peer
will make the server ask the client to provide a certificate.
If the client provides a certificate, it will be validated.
force_peer
will make the server ask the client to provide a certificate.
If the client doesn’t provide a certificate, the connection will be closed.
This option needs to be used with ssl_certificate_authorities
and a defined list of CAs.
tags
edit- Value type is array
- There is no default value for this setting.
Add any number of arbitrary tags to your event.
This can help with processing later.
target_field_for_codec
(DEPRECATED)
edit- DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
- Value type is string
-
Default value is
"message"
This is the default field to which the specified codec will be applied.
tls_max_version
edit- Value type is number
-
Default value is
1.2
The maximum TLS version allowed for the encrypted connections. The value must be the one of the following: 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
tls_min_version
edit- Value type is number
-
Default value is
1
The minimum TLS version allowed for the encrypted connections. The value must be one of the following: 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
type
edit- Value type is string
- There is no default value for this setting.
This is the base class for Logstash inputs.
Add a type
field to all events handled by this input.
Types are used mainly for filter activation.
The type is stored as part of the event itself, so you can also use the type to search for it in Kibana.
If you try to set a type on an event that already has one (for example when you send an event from a shipper to an indexer) then a new input will not override the existing type. A type set at the shipper stays with that event for its life even when sent to another Logstash server.