I'm trying to find out if it is possible to apply filebeat module config/parsers to redis input.
We ship suricata logs from firewalls to redis and then we pull them from redis with logstash. Now I'd like to use filebeat suricata module parsing and normalization to ECS. I can pull logs with filebeat redis input, but can I then apply suricata module rules(normalization/multiline events(not sure if there are any miltiline events in suricata) to it?
My aim is to ship logs in format where we can use build in SIEM app. Alternative solution could be to manipulate logs in logstash to prepend suricata.eve and ship to filebeat index.