You need to enroll Beats to register them in central management and establish trust. Enrolled Beats will have the credentials needed to retrieve configurations from Kibana.
During the enrollment process:
- The Beat contacts Kibana and tries to register
- Kibana registers the Beat instance and returns an access token for configuration polling
- The enroll command creates a backup of your configuration and then overwrites the current settings so they can be managed centrally
Verify that your Elastic license includes the Beats central management feature.
Don’t have a license? You can start a 30-day trial. At the end of the trial period, you can purchase a subscription to keep using central management. For more information, see https://www.elastic.co/subscriptions and License Management.
- Enable security in Kibana to ensure that only users with sufficient privileges are able to access Beats configurations.
beats_adminrole to any users who need to enroll Beats or manage configuration settings in central management.
Token-based enrollment is recommended if you are enrolling Beats manually.
To use token-based enrollment, go to Kibana → Management → Beats and click
Enroll Beat. Select the Beat type and operating system, then copy and run the
command for enrolling the Beat.
The command has this format:
filebeat enroll KIBANA_URL TOKEN
- The URL of the Kibana instance you will use for central management.
- The enrollment token generated by the Central Management UI. The enrollment token will expire as soon as it’s used.
Repeat this process to enroll additional Beats.
Username and password-based enrollmentedit
You can also enroll by specifying a username and password. This is the recommended way for scripted deploys:
filebeat enroll KIBANA_URL --username USER --password METHOD [--force]
The username to use for password-based enrollment. The default
The method to use for getting the password. Available options are:
env:VAR_NAMEgets the password from the environment variable
stdinprompts the user for a password. This is the default.
- Overwrites the current settings without asking for confirmation.