Enroll Beats in central managementedit

You need to enroll Beats to register them in central management and establish trust. Enrolled Beats will have the credentials needed to retrieve configurations from Kibana.

During the enrollment process:

  1. The Beat contacts Kibana and tries to register
  2. Kibana registers the Beat instance and returns an access token for configuration polling
  3. The enroll command creates a backup of your configuration and then overwrites the current settings so they can be managed centrally

To enroll Beats, use either token-based or username and password-based enrollment.

Prerequisitesedit

  • Verify that your Elastic license includes the Beats central management feature.

    Don’t have a license? You can start a 30-day trial. At the end of the trial period, you can purchase a subscription to keep using central management. For more information, see https://www.elastic.co/subscriptions and License Management.

  • Enable security in Kibana to ensure that only users with sufficient privileges are able to access Beats configurations.
  • Assign the beats_admin role to any users who need to enroll Beats or manage configuration settings in central management.

Token-based enrollmentedit

Token-based enrollment is recommended if you are enrolling Beats manually.

To use token-based enrollment, go to Kibana → Management → Beats and click Enroll Beat. Select the Beat type and operating system, then copy and run the command for enrolling the Beat.

The command has this format:

filebeat enroll KIBANA_URL TOKEN
KIBANA_URL
The URL of the Kibana instance you will use for central management.
TOKEN
The enrollment token generated by the Central Management UI. The enrollment token will expire as soon as it’s used.

Repeat this process to enroll additional Beats.

Username and password-based enrollmentedit

You can also enroll by specifying a username and password. This is the recommended way for scripted deploys:

filebeat enroll KIBANA_URL --username USER --password METHOD [--force]
--username USER
The username to use for password-based enrollment. The default username is elastic.
--password METHOD

The method to use for getting the password. Available options are:

  • env:VAR_NAME gets the password from the environment variable VAR_NAME
  • stdin prompts the user for a password. This is the default.
--force
Overwrites the current settings without asking for confirmation.