You'll need multiple Threatintel modules such as below. You can put this in the threatintel.yml file I also recommend adding the other filesets to disable them.
Thats exactly what looks like is happening. Unfortunately it seems to happen with multiple threatintel modules as well. Given the below configs, I only ever see collection 136 in the logs.
Where are u defining this config? In the filebeat.yml or the the threatintel.yml? There was a bug that was just fixed when defining duplicate modules in the filebeat.yml that caused what you're seeing. Try in the threatintel.yml
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.