Configure authentication credentialsedit

When sending data to a secured cluster through the elasticsearch output, Filebeat must either provide basic authentication credentials or present a client certificate.

Before you begin: Grant users access to secured resources.

You specify authentication credentials in the Filebeat configuration file:

  • To use basic authentication, specify the username and password settings under output.elasticsearch. For example:

    output.elasticsearch:
      hosts: ["localhost:9200"]
      username: "filebeat_writer" 
      password: "YOUR_PASSWORD" 

    Let’s assume this user has the privileges required to publish events to Elasticsearch.

    The example shows a hard-coded password, but you should store sensitive values in the secrets keystore.

    If you’ve configured the Kibana endpoint, also specify credentials for authenticating with Kibana. For example:

    setup.kibana:
      host: "mykibanahost:5601"
      username: "filebeat_setup" 
      password: "YOUR_PASSWORD"

    Let’s assume this user has the privileges required to set up dashboards.

  • To use Public Key Infrastructure (PKI) certificates to authenticate users, configure the certificate and key settings. These settings assume that the distinguished name (DN) in the certificate is mapped to the appropriate roles in the role_mapping.yml file on each node in the Elasticsearch cluster. For more information, see Using role mapping files.

    output.elasticsearch:
      hosts: ["localhost:9200"]
      ssl.certificate: "/etc/pki/client/cert.pem"
      ssl.key: "/etc/pki/client/cert.key"

To learn more about Elastic Stack security features and other types of authentication, see Securing the Elastic Stack.