Before deploying Functionbeat to your cloud provider, you need to specify details about the cloud functions that you want to deploy, including the function name and type, and the triggers that will cause the function to execute. You also need to specify connection details for your Elasticsearch cluster.
You specify settings in the
functionbeat.yml configuration file. This file
is located in the archive that you extracted earlier.
See the Config File Format section of the Beats Platform Reference for more about the structure of the config file.
Configure the functions that you want to deploy. The configuration settings vary depending on the type of function and cloud provider you’re using. This section provides a couple of example configurations.
AWS example: This example configures a function called
cloudwatchthat collects events from CloudWatch Logs. When a message is sent to the specified log group, the cloud function executes and sends message events to the configured output:
functionbeat.provider.aws.endpoint: "s3.amazonaws.com" functionbeat.provider.aws.deploy_bucket: "functionbeat-deploy" functionbeat.provider.aws.functions: - name: cloudwatch enabled: true type: cloudwatch_logs description: "lambda function for cloudwatch logs" triggers: - log_group_name: /aws/lambda/my-lambda-function
A unique name for the S3 bucket to which the functions will be uploaded.
Details about the function you want to deploy, including the name of the function, the type of service to monitor, and the log groups that trigger the function.
See Configure AWS functions for more examples.
Google cloud example: This example configures a function called
storagethat collects log events from Google Cloud Storage. When the specified event type occurs on the Cloud Storage bucket, the cloud function executes and sends events to the configured output:
functionbeat.provider.gcp.location_id: "europe-west2" functionbeat.provider.gcp.project_id: "my-project-123456" functionbeat.provider.gcp.storage_name: "functionbeat-deploy" functionbeat.provider.gcp.functions: - name: storage enabled: true type: storage description: "Google Cloud Function for Cloud Storage" trigger: resource: "projects/my-project/buckets/my-storage" event_type: "google.storage.object.finalize"
The name of the GCP storage bucket where the function artifacts will be deployed.
Details about the function you want to deploy, including the name of the function, the type of resource to monitor, and the resource event that triggers the function.
See Configure Google functions for more examples.
Configure the output. Functionbeat supports a variety of outputs, but typically you’ll either send events directly to Elasticsearch, or to Logstash for additional processing.
To send output directly to Elasticsearch (without using Logstash), set the location of the Elasticsearch installation:
If you’re running Elasticsearch on your own hardware, set the host and port where Functionbeat can find the Elasticsearch installation. For example:
output.elasticsearch: hosts: ["myEShost:9200"]
If Elasticsearch and Kibana are secured, set credentials in the
functionbeat.ymlconfig file before you run the commands that set up and start Functionbeat.
If you’re running Elasticsearch on your own hardware, specify your Elasticsearch and Kibana credentials:
This examples shows a hard-coded password, but you should store sensitive values in environment variables.
passwordsettings for Kibana are optional. If you don’t specify credentials for Kibana, Functionbeat uses the
passwordspecified for the Elasticsearch output.
To use the pre-built Kibana dashboards, this user must have the
kibana_userbuilt-in role or equivalent privileges.
For more information, see Securing Functionbeat.
To test your configuration file, change to the directory where the
Functionbeat binary is installed, and run Functionbeat in the foreground with
the following options specified:
./functionbeat test config -e. Make sure your
config files are in the path expected by Functionbeat (see Directory layout),
or use the
-c flag to specify the path to the config file.
For more information about configuring Functionbeat, see Configuring Functionbeat.