Configure the output for Elasticsearch Service on Elastic Cloud
editConfigure the output for Elasticsearch Service on Elastic Cloud
editAuditbeat comes with two settings that simplify the output configuration when used together with Elasticsearch Service. When defined, these setting overwrite settings from other parts in the configuration.
Example:
cloud.id: "staging:dXMtZWFzdC0xLmF3cy5mb3VuZC5pbyRjZWM2ZjI2MWE3NGJmMjRjZTMzYmI4ODExYjg0Mjk0ZiRjNmMyY2E2ZDA0MjI0OWFmMGNjN2Q3YTllOTYyNTc0Mw==" cloud.auth: "elastic:YOUR_PASSWORD"
These settings can be also specified at the command line, like this:
auditbeat -e -E cloud.id="<cloud-id>" -E cloud.auth="<cloud.auth>"
cloud.id
editThe Cloud ID, which can be found in the Elasticsearch Service web console, is used by
Auditbeat to resolve the Elasticsearch and Kibana URLs. This setting
overwrites the output.elasticsearch.hosts
and setup.kibana.host
settings.
The base64 encoded cloud.id
found in the Elasticsearch Service web console does not explicitly specify a port. This means that Auditbeat will default to using port 443 when using cloud.id
, not the commonly configured cloud endpoint port 9243.
cloud.auth
editWhen specified, the cloud.auth
overwrites the output.elasticsearch.username
and
output.elasticsearch.password
settings. Because the Kibana settings inherit
the username and password from the Elasticsearch output, this can also be used
to set the setup.kibana.username
and setup.kibana.password
options.