Can users configure Auditbeat to have multiple outputs? For example one output Elasticsearch and one output the file system. It appears that's not possible.
Hi @data_smith,
Beats don't support multiple outputs, you would need to use Logstash to send your events them and do some routing to everywhere you need.
As a workaround, you could also send Auditbeat events to the file output, and use Filebeat to forward them to Elasticsearch.
Best regards
OK Thanks