Step 3 (Optional): Configuring Packetbeat to Use Logstash

edit

Step 3 (Optional): Configuring Packetbeat to Use Logstash

edit

If you want to use Logstash to perform additional processing on the data collected by Packetbeat, you need to configure Packetbeat to use Logstash.

To do this, you edit the Packetbeat configuration file to disable the Elasticsearch output by commenting it out and enable the Logstash output by uncommenting the logstash section:

output:
  logstash:
    hosts: ["127.0.0.1:5044"]

    # Optional load balance the events between the Logstash hosts
    #loadbalance: true

In this configuration, hosts specifies the Logstash server and the port (5044) where Logstash is configured to listen for incoming Beats connections.

To use this configuration, you must also set up Logstash to receive events from Beats.