I'm using metricbeat 6.2.4 on Windows and Logstash 6.3.0-1 on Debian 8.
I got SSL set up and then thought for the heck of it I'd compare packets in Wireshark and found that the traffic looks exactly the same when sending beats with and without SSL. I remember reading that without SSL the traffic is plaintext, so that was what I was expecting to see and just wanted to verify the SSL was set up properly. Can anyone explain why this is? Do the newer *beats have encryption of some sort baked in?