Articles By Andrew Kroh

18 April 2018

Logstash Lines: Pipeline Input and Output

By Andrew Kroh

With the Logstash Lines series, we're keeping you up to date with all that's new in Logstash, from the details of pull requests to learning resources.

18 April 2018

Brewing in Beats: Heartbeat HTTP Body Validation

By Andrew Kroh

With the Brewing in Beats series, we're keeping you up to date with all that's new in Beats, from the details of pull requests to learning resources.

15 August 2017 Engineering

Introducing Auditbeat: Ship Linux Audit Logs to Elasticsearch and More

By Andrew Kroh

Auditbeat is a new Beat in 6.0. It audits the activities of users and processes. It collects Linux audit logs (similar to auditd) and monitors file integrity.

14 September 2016 Engineering

Monitoring Container Resource Usage with Metricbeat

By Andrew Kroh

Using Metricbeat to collect container metrics using Linux cgroups.

26 May 2016 Engineering

Monitoring Windows Logons with Winlogbeat

By Andrew Kroh

How to use the Winlogbeat and Kibana to visualize logon events from Windows event logs.

16 February 2016 Engineering

Detecting DNS Tunnels with Packetbeat and Watcher

By Andrew Kroh

Using Packetbeat with Elasticsearch and Watcher to detect DNS tunnels.