Packetbeat has a nifty process monitor that can track flows even down to between processes running on the same server:
packetbeat.procs:
enabled: true
monitored:
- process: mysqld
cmdline_grep: mysqld
Unfortunately it is Linux only. Now I do know that later versions of Windows have a handy -o switch for netstat that shows the process number assigned to the port. Would it be feasible to capture this to mimic the Linux process flow functionality?
Turns out we already have this feature request, sitting in our backlog for 2 years now.
I think its a feature worth having and not so complicated. Tempted to pick it up now
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.