I am running into two issues with the Network Events.
The first issue is that HTTPS traffic is not getting identified as HTTPS traffic and is has an empty http.request.body.content and most HTTP traffic is the same.
The other issue is that the http.request.body.content does not get parsed (when it does exist) like Packetbeat does therefore some dashboards do not work. For example, when drilling down into an IP from the network map in the SIEM, you will not see HTTP Requests associated with that IP since several fields do not exist such as http.request.method.
Is there a way to get this data parsed like Packetbeat or is Packetbeat the only way to get this functionality?