我想将windows事件发送到aws elastic search。elasticsearch具有连接所需的api密钥和安全密钥。我在winlog beat配置中找不到。请在下面找到我的yml代码。
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]
hosts: ["https://vpc-manufacturing-elasticsearch-celm5zj5gcf45hpghulnxshco4.ap-southeast-2.es.amazonaws.com"]
# Protocol - either `http` (default) or `https`.
#protocol: "https"
# Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
#username: "elastic"
#password: "changeme"
region:"where to specify"
aws_access_key_id:"where to specify"
aws_secret_access_key:"where to specify"
#User: es-mfg
1条答案
按热度按时间whlutmcx1#
beats不支持aws身份验证。您可以选择:
在AmazonElasticSearch服务中设置细粒度访问控制,启用基本身份验证并继续elasticsearch输出。
对于基于iam的域访问策略,请设置logstash,安装logstash output amazon es plugin并正确设置访问凭据。最后,在beat中配置logstash输出,指向这个logstash示例。