I spent some time using Packetbeat, great tool, but I need to dig into NFS filehandles and metadata in the ops that I just can't get in the Packetbeat dump.
I found this post, which is everything I could hope for except my initial import hit the 1000 fields limit.
I see the PUT example, but I am struggling to connect the dots on how to curl that into ES as a template, or how to generate my own template other than doing a dump of the data source and grepping out what might be good things to look for.
Thoughts, please! This platform has amazing potential, dying to see what I can do with all my network pcap data in ES.