I'm part of an organization that is considering using packetbeat. We've tested it in our development environment and we have found it works great! We have run into one problem, though: our network architects are transitioning our infrastructure into a topology in which there are no static points where we could capture data and ensure that all traffic is being sniffed.
One idea we had was to install packetbeat on each box in production and have it send the data to our ELK cluster. This seems like a rather ungraceful approach and I was wondering if anyone had any recommendations or advice regarding the situation.