Has anyone tried to capture and analyze the "clear text" Beats traffic (Filebeat, Winlogbeat, etc.) as it is being sent to Logstash or Elasticsearch? In its default configuration, the traffic is being sent unencrypted. But how is the data being encoded? I tried to capture this traffic using Wireshark and cannot decipher its encoding scheme. The data contained in the packets is not human-readable in its unencrypted form. I even tried to use CyberChef but was not successful. I'm just wondering how easy it is to decode and read the contents of the network traffic. Security through obscurity?
The protocol is implemented in https://github.com/elastic/go-lumber. If you turn off compression you can read the raw JSON parts in my experience.
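An added example, not part of either post or of go-lumber: a minimal decoder showing that a captured stream is only zlib-compressed JSON frames, not encrypted. The frame layout (`2W`, `2J`, `2C`, `2A` with big-endian uint32 fields) is assumed from the lumberjack v2 protocol description; the function names, `MAX_INFLATE` and the sample events are hypothetical and constructed, and the input is assumed to be the reassembled TCP payload.

```python
import json
import struct
import zlib

MAX_INFLATE = 16 * 1024 * 1024  # assumed cap so a hostile capture cannot exhaust memory


def _need(buf, pos, n):
    """Return pos + n, or raise if the buffer ends before that."""
    if pos + n > len(buf):
        raise ValueError("truncated frame")
    return pos + n


def decode_frames(buf):
    """Return (sequence, event) pairs from a reassembled lumberjack v2 byte stream."""
    events, pos = [], 0
    while pos < len(buf):
        body = _need(buf, pos, 2)
        version, ftype = buf[pos:pos + 1], buf[pos + 1:body]
        if version != b"2":
            raise ValueError(f"unsupported version byte {version!r}")
        if ftype in (b"W", b"A"):      # window size / ACK: a single uint32
            pos = _need(buf, body, 4)
        elif ftype == b"J":            # uint32 sequence, uint32 length, JSON document
            data = _need(buf, body, 8)
            seq, size = struct.unpack(">II", buf[body:data])
            pos = _need(buf, data, size)
            events.append((seq, json.loads(buf[data:pos])))
        elif ftype == b"C":            # uint32 length, zlib stream of nested frames
            data = _need(buf, body, 4)
            (size,) = struct.unpack(">I", buf[body:data])
            pos = _need(buf, data, size)
            inflater = zlib.decompressobj()
            inner = inflater.decompress(buf[data:pos], MAX_INFLATE)
            if inflater.unconsumed_tail:
                raise ValueError("inflated payload exceeds MAX_INFLATE")
            events.extend(decode_frames(inner))
        else:
            raise ValueError(f"unknown frame type {ftype!r}")
    return events


def build_sample_stream(events):
    """Constructed sample: a window frame, then one compressed frame of JSON frames."""
    inner = b"".join(
        b"2J" + struct.pack(">II", seq, len(doc)) + doc
        for seq, doc in enumerate((json.dumps(e).encode() for e in events), start=1)
    )
    packed = zlib.compress(inner)
    return b"2W" + struct.pack(">I", len(events)) + b"2C" + struct.pack(">I", len(packed)) + packed
```

Because the only transformation is compression, confidentiality on this link depends on enabling TLS on the Beats output and the Logstash input rather than on the encoding.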