- Filebeat Reference: other versions:
- Overview
- Getting Started With Filebeat
- Step 1: Install Filebeat
- Step 2: Configure Filebeat
- Step 3: Configure Filebeat to use Logstash
- Step 4: Load the index template in Elasticsearch
- Step 5: Set up the Kibana dashboards
- Step 6: Start Filebeat
- Step 7: View the sample Kibana dashboards
- Quick start: modules for common log formats
- Repositories for APT and YUM
- Setting up and running Filebeat
- Upgrading Filebeat
- How Filebeat works
- Configuring Filebeat
- Specify which modules to run
- Configure inputs
- Manage multiline messages
- Specify general settings
- Load external configuration files
- Configure the internal queue
- Configure the output
- Configure index lifecycle management
- Load balance the output hosts
- Specify SSL settings
- Filter and enhance the exported data
- Define processors
- Add cloud metadata
- Add fields
- Add labels
- Add the local time zone
- Add tags
- Decode JSON fields
- Drop events
- Drop fields from events
- Keep fields from events
- Rename fields from events
- Add Kubernetes metadata
- Add Docker metadata
- Add Host metadata
- Dissect strings
- DNS Reverse Lookup
- Add process metadata
- Parse data by using ingest node
- Enrich events with geoIP information
- Configure project paths
- Configure the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- Autodiscover
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- filebeat.reference.yml
- Beats central management
- Modules
- Modules overview
- Apache module
- Auditd module
- Elasticsearch module
- haproxy module
- Icinga module
- IIS module
- Iptables module
- Kafka module
- Kibana module
- Logstash module
- MongoDB module
- MySQL module
- Nginx module
- Osquery module
- PostgreSQL module
- Redis module
- Santa module
- Suricata module
- System module
- Traefik module
- Zeek (Bro) Module
- Exported fields
- Apache fields
- Auditd fields
- Beat fields
- Cloud provider metadata fields
- Docker fields
- ECS fields
- elasticsearch fields
- haproxy fields
- Host fields
- Icinga fields
- IIS fields
- iptables fields
- Kafka fields
- kibana fields
- Kubernetes fields
- Log file content fields
- logstash fields
- mongodb fields
- MySQL fields
- NetFlow fields
- Nginx fields
- Osquery fields
- PostgreSQL fields
- Process fields
- Redis fields
- Google Santa fields
- Suricata fields
- System fields
- Traefik fields
- Zeek fields
- Monitoring Filebeat
- Securing Filebeat
- Troubleshooting
- Contributing to Beats
Configure Filebeat to use X-Pack security
editConfigure Filebeat to use X-Pack security
editIf you want Filebeat to connect to a cluster that has X-Pack security enabled, there are extra configuration steps:
-
Grant users access to secured resources.
You can use role-based access control to grant Filebeat users access to secured resources.
-
Configure authentication credentials.
To interact with a secured cluster, Filebeat must either provide basic authentication credentials or present a client certificate.
-
Configure Filebeat to use encrypted connections.
If encryption is enabled on the cluster, you need to enable HTTPS in the Filebeat configuration.
-
Set the password for the built-in monitoring user.
Filebeat uses the
beats_systemuser to send monitoring data to Elasticsearch. If you plan to monitor Filebeat in Kibana and have not yet set up the password, set it up now.
For more information about X-Pack security, see Securing the Elastic Stack.