Auditbeat comes with two settings that simplify the output configuration when used together with Elasticsearch Service. When defined, these setting overwrite settings from other parts in the configuration.
cloud.id: "staging:dXMtZWFzdC0xLmF3cy5mb3VuZC5pbyRjZWM2ZjI2MWE3NGJmMjRjZTMzYmI4ODExYjg0Mjk0ZiRjNmMyY2E2ZDA0MjI0OWFmMGNjN2Q3YTllOTYyNTc0Mw==" cloud.auth: "elastic:YOUR_PASSWORD"
These settings can be also specified at the command line, like this:
auditbeat -e -E cloud.id="<cloud-id>" -E cloud.auth="<cloud.auth>"
The Cloud ID, which can be found in the Elasticsearch Service web console, is used by
Auditbeat to resolve the Elasticsearch and Kibana URLs. This setting
The base64 encoded
cloud.id found in the Elasticsearch Service web console does not explicitly specify a port. This means that Auditbeat will default to using port 443 when using
cloud.id, not the commonly configured cloud endpoint port 9243.
When specified, the
cloud.auth overwrites the
output.elasticsearch.password settings. Because the Kibana settings inherit
the username and password from the Elasticsearch output, this can also be used
to set the