6.4.6.2 X-Pack on Logstash

请参考官方文档完成部署 , 部署步骤如下

Run bin/logstash-plugin install from the Logstash installation directory.

bin/logstash-plugin install x-pack

The plugin install scripts require direct internet access to download and install X-Pack. If your server doesn’t have internet access, specify the location of the X-Pack zip file that you downloaded to a temporary directory.

Configuring Security in Logstash

Logstash needs to be able to manage index templates, create indices, and write and delete documents in the indices it creates.

  1. Use the the Management > Roles UI in Kibana or the role API to create a logstash_writer role. For cluster privileges, add manage_index_templates and monitor. For indices privileges, add write, create, delete, and create_index.

    If you plan to use index lifecycle management, also add manage_ilm for cluster and manage and manage_ilm for indices.

    1. The cluster needs the manage_ilm privilege if index lifecycle management is enabled.

    2. If you use a custom Logstash index pattern, specify your custom pattern instead of the default logstash-* pattern.

    3. If index lifecycle management is enabled, the role requires the manage and manage_ilm privileges to load index lifecycle policies, create rollover aliases, and create and manage rollover indices.

  2. Create a logstash_internal user and assign it the logstash_writer role. You can create users from the Management > Users UI in Kibana or through the user API:

  3. Configure Logstash to authenticate as the logstash_internal user you just created. You configure credentials separately for each of the Elasticsearch plugins in your Logstash .conf file. For example:

Monitoring for Logstash

关键参数说明

  • xpack.monitoring.enabled

    设置为truefalse来打开或者关闭monitoing, 默认为关闭

  • xpack.monitoring.elasticsearch.url

    接受logstash发送的metries的elasticsearch地址, ["http://es-prod-node-1:9200", "http://es-prod-node-2:9200"]

  • xpack.monitoring.elasticsearch.username and xpack.monitoring.elasticsearch.password

    elasticsearch开启了认证功能需要提供logstash_system的用户名和密码,

  • xpack.monitoring.elasticsearch.sniffing

    将嗅探设置为true,以便发现elasticsearch集群的其他节点,默认值为false

  • xpack.monitoring.collection.interval

    控制在logstash端收集和发布metries的时间, 默认为10s

开启Monitoring

编辑logstash.yml, 添加如下内容

Centralized pipeline management

开启X-Pack Management功能后,启动logstash的时候就不用再配置logstash.conf文件了,启动的时候也不用再使用-f指定这个文件进行启动了, 开启这个功能

关键参数说明

  • xpack.management.enabled

设置为true表示为Logstash开启X-Pack 集中式配置管理。

  • xpack.management.logstash.poll_interval

Logstash实例轮询来自Elasticsearch的管道更改的频率。默认值为5s。

  • xpack.management.pipeline.id

指定以逗号分隔的管道标识列表,以便为集中式管道生产管理注册。更改此设置后,您需要重新启动Logstash来使更改生效。 需要登录kibana --> management --> logstash --> pipelines创建pipeline

  • xpack.management.elasticsearch.url

  • xpack.management.elasticsearch.usernameand xpack.management.elasticsearch.password

开启pipe集中管理

编辑logstash.yml添加如下内容

上一页6.4.6.1 X-Pack on Elasticsearch下一页6.4.6.3 X-Pack on Kibana

最后更新于

这有帮助吗?