The Console output writes events in JSON format to stdout.
The Console output should be used only for debugging issues as it can produce a large amount of logging data.
To use this output, edit the Auditbeat configuration file to disable the Elasticsearch
output by commenting it out, and enable the console output by adding
output.console: pretty: true
You can specify the following
output.console options in the
auditbeat.yml config file:
The enabled config is a boolean setting to enable or disable the output. If set to false, the output is disabled.
The default value is
pretty is set to true, events written to stdout will be nicely formatted. The default is false.
Output codec configuration. If the
codec section is missing, events will be json encoded using the
See Change the output codec for more information.
The maximum number of events to buffer internally during publishing. The default is 2048.
Specifying a larger batch size may add some latency and buffering during publishing. However, for Console output, this setting does not affect how events are published.
bulk_max_size to values less than or equal to 0 disables the
splitting of batches. When splitting is disabled, the queue decides on the
number of events to be contained in a batch.
Intro to Kibana
ELK for Logs & Metrics