Set up the Kibana endpointedit

Starting with Beats 6.0.0, the Kibana dashboards are loaded into Kibana via the Kibana API. This requires a Kibana endpoint configuration.

You configure the endpoint in the setup.kibana section of the auditbeat.yml config file.

Here is an example configuration: "localhost:5601"

Configuration optionsedit

You can specify the following options in the setup.kibana section of the auditbeat.yml config file:


The Kibana host where the dashboards will be loaded. The default is The value of host can be a URL or IP:PORT. For example:, 192:15.3.2:5601 or If no port is specified, 5601 is used.


When a node is defined as an IP:PORT, the scheme and path are taken from the setup.kibana.protocol and setup.kibana.path config options.

IPv6 addresses must be defined using the following format: https://[2001:db8::1]:5601.


The name of the protocol Kibana is reachable on. The options are: http or https. The default is http. However, if you specify a URL for host, the value of protocol is overridden by whatever scheme you specify in the URL.

Example config: ""
setup.kibana.protocol: "https"
setup.kibana.path: /kibana


The basic authentication username for connecting to Kibana.


The basic authentication password for connecting to Elasticsearch.


An HTTP path prefix that is prepended to the HTTP API calls. This is useful for the cases where Kibana listens behind an HTTP reverse proxy that exports the API under a custom prefix.


Enables Auditbeat to use SSL settings when connecting to Kibana via HTTPS. If you configure the Beat to connect over HTTPS, this setting defaults to true and Auditbeat uses the default SSL settings.

Example configuration: ""
setup.kibana.protocol: "https"
setup.kibana.ssl.enabled: true
setup.kibana.ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
setup.kibana.ssl.certificate: "/etc/pki/client/cert.pem"
setup.kibana.ssl.key: "/etc/pki/client/cert.key

See Specify SSL settings for more information.