To configure centralized pipeline management:
Verify that you are using a license that includes the pipeline management feature.
Specify configuration management settings in the
logstash.ymlfile. At a minimum, set:
xpack.management.enabled: trueto enable centralized configuration management.
xpack.management.elasticsearch.hoststo specify the Elasticsearch instance that will store the Logstash pipeline configurations and metadata.
xpack.management.pipeline.idto register the pipelines that you want to centrally manage.
- Restart Logstash.
- If your Elasticsearch cluster is protected with basic authentication, assign
logstash_adminrole to any users who will use centralized pipeline management. See X-Pack security.
Centralized management is disabled until you configure and enable X-Pack security.
After you’ve configured Logstash to use centralized pipeline
management, you can no longer specify local pipeline configurations. This means
pipelines.yml file and settings like
config.string are inactive when this feature is enabled.
The following example shows basic settings that assume Elasticsearch and Kibana are installed on the localhost with basic AUTH enabled, but no SSL. If you’re using SSL, you need to specify additional SSL settings.
xpack.management.enabled: true xpack.management.elasticsearch.hosts: "http://localhost:9200/" xpack.management.elasticsearch.username: logstash_admin_user xpack.management.elasticsearch.password: t0p.s3cr3t xpack.management.logstash.poll_interval: 5s xpack.management.pipeline.id: ["apache", "cloudwatch_logs"]
- Set to
trueto enable X-Pack centralized configuration management for Logstash.
- How often the Logstash instance polls for pipeline changes from Elasticsearch. The default is 5s.
- Specify a comma-separated list of pipeline IDs to register for centralized pipeline management. After changing this setting, you need to restart Logstash to pick up changes.
- The Elasticsearch instance that will store the Logstash pipeline configurations and
metadata. This might be the same Elasticsearch instance specified in the
outputssection in your Logstash configuration, or a different one. Defaults to
- If your Elasticsearch cluster is protected with basic authentication, these settings
provide the username and password that the Logstash instance uses to
authenticate for accessing the configuration data. The username you specify here
should have the
logstash_adminrole, which provides access to
.logstash-*indices for managing configurations.
- Optional setting that enables you to specify a path to the
.pemfile for the certificate authority for your Elasticsearch instance.
- Optional setting that provides the path to the Java keystore (JKS) to validate the server’s certificate.
- Optional setting that provides the password to the truststore.
- Optional setting that provides the path to the Java keystore (JKS) to validate the client’s certificate.
- Optional setting that provides the password to the keystore.