Articles By Andrew Kroh

Logstash Lines: Pipeline Input and Output

With the Logstash Lines series, we're keeping you up to date with all that's new in Logstash, from the details of pull requests to learning resources.

Brewing in Beats: Heartbeat HTTP Body Validation

With the Brewing in Beats series, we're keeping you up to date with all that's new in Beats, from the details of pull requests to learning resources.

Engineering

Introducing Auditbeat: Ship Linux Audit Logs to Elasticsearch and More

Auditbeat is a new Beat in 6.0. It audits the activities of users and processes. It collects Linux audit logs (similar to auditd) and monitors file integrity.

Engineering

Monitoring Container Resource Usage with Metricbeat

Using Metricbeat to collect container metrics using Linux cgroups.

Engineering

Monitoring Windows Logons with Winlogbeat

How to use the Winlogbeat and Kibana to visualize logon events from Windows event logs.

Engineering

Detecting DNS Tunnels with Packetbeat and Watcher

Using Packetbeat with Elasticsearch and Watcher to detect DNS tunnels.