You can specify the following options in the
xpack.monitoring section of the
auditbeat.yml config file:
enabled config is a boolean setting to enable or disable X-Pack monitoring.
If set to
true, monitoring is enabled.
The default value is
The Elasticsearch instances that you want to ship your Auditbeat metrics to. This configuration option contains the following fields:
The maximum number of metrics to bulk in a single Elasticsearch bulk API index request.
The default is
50. For more information, see Elasticsearch.
The number of seconds to wait before trying to reconnect to Elasticsearch after
a network error. After waiting
backoff.init seconds, Auditbeat tries to
reconnect. If the attempt fails, the backoff timer is increased exponentially up
backoff.max. After a successful connection, the backoff timer is reset. The
default is 1s.
The maximum number of seconds to wait before attempting to connect to Elasticsearch after a network error. The default is 60s.
The gzip compression level. Setting this value to
0 disables compression. The
compression level must be in the range of
1 (best speed) to
compression). The default value is
0. Increasing the compression level
reduces the network usage but increases the CPU usage.
Custom HTTP headers to add to each request. For more information, see Elasticsearch.
The list of Elasticsearch nodes to connect to. Monitoring metrics are distributed to these nodes in round robin order. For more information, see Elasticsearch.
The number of times to retry sending the monitoring metrics after a failure.
After the specified number of retries, the metrics are typically dropped. The
default value is
3. For more information, see Elasticsearch.
Dictionary of HTTP parameters to pass within the url with index operations.
The password that Auditbeat uses to authenticate with the Elasticsearch instances for shipping monitoring data.
The time interval (in seconds) when metrics are sent to the Elasticsearch cluster. A new snapshot of Auditbeat metrics is generated and scheduled for publishing each period. The default value is 10 * time.Second.
The time interval (in seconds) when state information are sent to the Elasticsearch cluster. A new snapshot of Auditbeat state is generated and scheduled for publishing each period. The default value is 60 * time.Second.
The name of the protocol to use when connecting to the Elasticsearch cluster. The options
https. The default is
http. If you specify a URL for
however, the value of protocol is overridden by the scheme you specify in the URL.
The URL of the proxy to use when connecting to the Elasticsearch cluster. For more information, see Elasticsearch.
The HTTP request timeout in seconds for the Elasticsearch request. The default is
Configuration options for Transport Layer Security (TLS) or Secure Sockets Layer
(SSL) parameters like the certificate authority (CA) to use for HTTPS-based
connections. If the
ssl section is missing, the host CAs are used for
HTTPS connections to Elasticsearch. For more information, see Specify SSL settings.
The user ID that Auditbeat uses to authenticate with the Elasticsearch instances for shipping monitoring data.