WARNING: Version 1.0.1 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
If you want to use Logstash to perform additional processing on the data collected by Packetbeat, you need to configure Packetbeat to use Logstash.
To do this, you edit the Packetbeat configuration file to disable the Elasticsearch output and use the Logstash output instead:
output: logstash: hosts: ["127.0.0.1:5044"] # configure logstash plugin to loadbalance events between # configured logstash hosts #loadbalance: false
In this configuration,
hosts specifies the Logstash server and the port (
where Logstash is configured to listen for incoming Beats connections.
To use this configuration, you must also set up Logstash to receive events from Beats.