Configure the output for Elasticsearch Service on Elastic Cloud

edit

Configure the output for Elasticsearch Service on Elastic Cloud

edit

Auditbeat comes with two settings that simplify the output configuration when used together with Elasticsearch Service. When defined, these setting overwrite settings from other parts in the configuration.

Example:

cloud.id: "staging:dXMtZWFzdC0xLmF3cy5mb3VuZC5pbyRjZWM2ZjI2MWE3NGJmMjRjZTMzYmI4ODExYjg0Mjk0ZiRjNmMyY2E2ZDA0MjI0OWFmMGNjN2Q3YTllOTYyNTc0Mw=="
cloud.auth: "elastic:YOUR_PASSWORD"

These settings can be also specified at the command line, like this:

auditbeat -e -E cloud.id="<cloud-id>" -E cloud.auth="<cloud.auth>"

cloud.id

edit

The Cloud ID, which can be found in the Elasticsearch Service web console, is used by Auditbeat to resolve the Elasticsearch and Kibana URLs. This setting overwrites the output.elasticsearch.hosts and setup.kibana.host settings. For more on locating and configuring the Cloud ID, see Configure Beats and Logstash with Cloud ID.

cloud.auth

edit

When specified, the cloud.auth overwrites the output.elasticsearch.username and output.elasticsearch.password settings. Because the Kibana settings inherit the username and password from the Elasticsearch output, this can also be used to set the setup.kibana.username and setup.kibana.password options.