Deprecated in 6.0.0.

The default value has been changed to false. In 7.0.0 this setting will be removed

Flag to determine whether to add host field to event using the value supplied by the beat in the hostname field.

The list of ciphers suite to use, listed by priorities.

Close Idle clients after X seconds of inactivity.

The IP address to listen on.

The port to listen on.

Events are by default sent in plain text. You canenable encryption by setting ssl to true and configuringthe ssl_certificate and ssl_key options.

SSL certificate to use.

Validate client certificates against these authorities.You can define multiple files or paths. All the certificates willbe read and added to the trust store. You need to configure the ssl_verify_modeto peer or force_peer to enable the verification.

Time in milliseconds for an incomplete ssl handshake to timeout

SSL key to use.NOTE: This key need to be in the PKCS8 format, you can convert it with OpenSSLfor more information.

SSL key passphrase to use.

By default the server doesn’t do any client verification.

peer will make the server ask the client to provide a certificate.If the client provides a certificate, it will be validated.

force_peer will make the server ask the client to provide a certificate.If the client doesn’t provide a certificate, the connection will be closed.

This option needs to be used with ssl_certificate_authorities and a defined list of CAs.

Enables storing client certificate information in event’s metadata.

This option is only valid when ssl_verify_mode is set to peer or force_peer.

The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2

The minimum TLS version allowed for the encrypted connections. The value must be one of the following:1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2

Add a field to an event

The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.

Disable or enable metric logging for this specific plugin instanceby default we record all the metrics we can, but you can disable metrics collectionfor a specific plugin.

Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one.It is strongly recommended to set this ID in your configuration. This is particularly usefulwhen you have two or more plugins of the same type, for example, if you have 2 beats inputs.Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.

input {  beats {    id => "my_plugin_id"  }}

Add any number of arbitrary tags to your event.

This can help with processing later.

Add a type field to all events handled by this input.

Types are used mainly for filter activation.

The type is stored as part of the event itself, so you canalso use the type to search for it in Kibana.

If you try to set a type on an event that already has one (forexample when you send an event from a shipper to an indexer) thena new input will not override the existing type. A type set atthe shipper stays with that event for its life evenwhen sent to another Logstash server.

The Beats shipper automatically sets the type field on the event.You cannot override this setting in the Logstash config. If you specifya setting for the type config option inLogstash, it is ignored.