:plugin: beats
:type: input

///////////////////////////////////////////
START - GENERATED VARIABLES, DO NOT EDIT!
///////////////////////////////////////////
:version: %VERSION%
:release_date: %RELEASE_DATE%
:changelog_url: %CHANGELOG_URL%
:include_path: ../../../logstash/docs/include
///////////////////////////////////////////
END - GENERATED VARIABLES, DO NOT EDIT!
///////////////////////////////////////////

[id="plugins-{type}-{plugin}"]

=== Beats

include::{include_path}/plugin_header.asciidoc[]

==== Description

This input plugin enables Logstash to receive events from the
https://www.elastic.co/products/beats[Elastic Beats] framework.

The following example shows how to configure Logstash to listen on port
5044 for incoming Beats connections and to index into Elasticsearch:

[source,ruby]
------------------------------------------------------------------------------
input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
------------------------------------------------------------------------------

NOTE: The Beats shipper automatically sets the `type` field on the event.
You cannot override this setting in the Logstash config. If you specify
a setting for the <<plugins-inputs-beats-type,`type`>> config option in
Logstash, it is ignored.

IMPORTANT: If you are shipping events that span multiple lines, you need to
use the configuration options available in Filebeat to handle multiline events
before sending the event data to Logstash. You cannot use the
<<plugins-codecs-multiline>> codec to handle multiline events. Doing so may
result in the mixing of streams and corrupted event data. 


[id="plugins-{type}s-{plugin}-options"]
==== Beats Input Configuration Options

This plugin supports the following configuration options plus the <<plugins-{type}s-common-options>> described later.

[cols="<,<,<",options="header",]
|=======================================================================
|Setting |Input type|Required
| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|No
| <<plugins-{type}s-{plugin}-client_inactivity_timeout>> |<<number,number>>|No
| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
| <<plugins-{type}s-{plugin}-include_codec_tag>> |<<boolean,boolean>>|No
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|No
| <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
| <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
| <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
| <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|No
| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|No
| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|No
|=======================================================================

Also see <<plugins-{type}s-common-options>> for a list of options supported by all
input plugins.

&nbsp;

[id="plugins-{type}s-{plugin}-cipher_suites"]
===== `cipher_suites` 

  * Value type is <<array,array>>
  * Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`

The list of ciphers suite to use, listed by priorities.

[id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
===== `client_inactivity_timeout` 

  * Value type is <<number,number>>
  * Default value is `60`

Close Idle clients after X seconds of inactivity.

[id="plugins-{type}s-{plugin}-congestion_threshold"]
===== `congestion_threshold`  (DEPRECATED)

  * DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
  * Value type is <<number,number>>
  * Default value is `5`

The number of seconds before we raise a timeout. 
This option is useful to control how much time to wait if something is blocking the pipeline.

[id="plugins-{type}s-{plugin}-host"]
===== `host` 

  * Value type is <<string,string>>
  * Default value is `"0.0.0.0"`

The IP address to listen on.

[id="plugins-{type}s-{plugin}-include_codec_tag"]
===== `include_codec_tag` 

  * Value type is <<boolean,boolean>>
  * Default value is `true`



[id="plugins-{type}s-{plugin}-port"]
===== `port` 

  * This is a required setting.
  * Value type is <<number,number>>
  * There is no default value for this setting.

The port to listen on.

[id="plugins-{type}s-{plugin}-ssl"]
===== `ssl` 

  * Value type is <<boolean,boolean>>
  * Default value is `false`

Events are by default sent in plain text. You can
enable encryption by setting `ssl` to true and configuring
the `ssl_certificate` and `ssl_key` options.

[id="plugins-{type}s-{plugin}-ssl_certificate"]
===== `ssl_certificate` 

  * Value type is <<path,path>>
  * There is no default value for this setting.

SSL certificate to use.

[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
===== `ssl_certificate_authorities` 

  * Value type is <<array,array>>
  * Default value is `[]`

Validate client certificates against these authorities. 
You can define multiple files or paths. All the certificates will
be read and added to the trust store. You need to configure the `ssl_verify_mode`
to `peer` or `force_peer` to enable the verification.


[id="plugins-{type}s-{plugin}-ssl_handshake_timeout"]
===== `ssl_handshake_timeout` 

  * Value type is <<number,number>>
  * Default value is `10000`

Time in milliseconds for an incomplete ssl handshake to timeout

[id="plugins-{type}s-{plugin}-ssl_key"]
===== `ssl_key` 

  * Value type is <<path,path>>
  * There is no default value for this setting.

SSL key to use.
NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.0/apps/pkcs8.html[OpenSSL]
for more information.

[id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
===== `ssl_key_passphrase` 

  * Value type is <<password,password>>
  * There is no default value for this setting.

SSL key passphrase to use.

[id="plugins-{type}s-{plugin}-ssl_verify_mode"]
===== `ssl_verify_mode` 

  * Value can be any of: `none`, `peer`, `force_peer`
  * Default value is `"none"`

By default the server doesn't do any client verification.

`peer` will make the server ask the client to provide a certificate. 
If the client provides a certificate, it will be validated.

`force_peer` will make the server ask the client to provide a certificate.
If the client doesn't provide a certificate, the connection will be closed.

This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.

[id="plugins-{type}s-{plugin}-target_field_for_codec"]
===== `target_field_for_codec`  (DEPRECATED)

  * DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
  * Value type is <<string,string>>
  * Default value is `"message"`

This is the default field to which the specified codec will be applied.

[id="plugins-{type}s-{plugin}-tls_max_version"]
===== `tls_max_version` 

  * Value type is <<number,number>>
  * Default value is `1.2`

The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2

[id="plugins-{type}s-{plugin}-tls_min_version"]
===== `tls_min_version` 

  * Value type is <<number,number>>
  * Default value is `1`

The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2



include::{include_path}/{type}.asciidoc[]