We are using logstash as a proxy between beats, syslog, fluentbit, etc and logz.io. I would like to inspect ('tee') the input stream, specifically from a vCSA syslog stream, or query logstash for in-memory records, or ('tee') the output stream which is being shipped to logz.io. The challenge is that this is a production VM, tcpdump or other utilities are not installed, and I cannot stop/reconfigure logstash.
Is there any API or other means to inspect the data stream input or output while not impacting production?
I realize that, if this was possible, this could be a significant security concern though I'm already on the node which is running logstash so I hoped there was some form of internal monitoring mechanism. I know of the logstash api listening on port 9600, but it appears to be more stats on the running service.
Thank you for your time bow