WARNING: Version 1.3 of Packetbeat has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
One important feature of Packetbeat is that it knows the name of the source and destination servers for each transaction. It does this without needing to maintain a central configuration. Instead, each Beat notes the hostname of the server where the Beat runs, and maps the hostname to the list of IP addresses of that server.
Packetbeat stores the topology information in an Elasticsearch index, so to save
the network topology, you need to use Elasticsearch as output and set the
save_topology configuration option to true.
output: elasticsearch: hosts: ["localhost:9200"] save_topology: true