I'm wanting to setup auditbeat to do file integrity monitoring and want to send it to my already existing ELK stack. Right now I have logstash going to redis then logstash pulls the logs down and sends them to elasticsearch. so Logstash -> Redis -> Logstash ->Elastic search ->kibana. I have got audit beats working by outputing directly to elasticsearch however i want to run it though Redis. Auditbeat -> Redis -> Elasticsearch ->Kibana. I see there is a redis output option but when I send it to redis i don't get any logs in showing in kibana. is there a part i need to add to logstash when pulling down from redis that's separate from the rest of my logs?
Can you show us your Filebeat and Logstash configs?
Thanks for the reply I actually got it figured out. I had to add the key to the Redis output. then I pulled it off Redis with Logstash using the same key and added the index name because I didn't have this key I was sending them to the Logstash index.
output.redis:
enabled: true
hosts: ["IP"]
port: 5002
key: auditbeat
datatype: list
1 Like