Module with custom input?

Hi,

Is there a method to use module parsing with your own custom input declaration?
e.g.

- module: checkpoint
  access:
input:
- type: syslog
protocol.tcp:
  host: "0.0.0.0:8001"
tls:
  certificate: foo
  key: bar

Hi @hazcod!

It seems that no. Inputs are meant to replace modules where modules are not enough to support a case.

Hi @ChrsMark, that's a bummer... I would want to use mutual TLS for syslog connections, but no modules support that. Can I utilise the module parsing on its own?

In my case I want to use the CheckPoint->ECS parser, but with mutual TLS input.

So checkpoint module supports syslog or file as inputs. Sample config: https://github.com/elastic/beats/blob/master/x-pack/filebeat/module/checkpoint/_meta/config.yml

The question is if you can specify TLS settings in order to collect securely? From the documentation it seems that it is not supported. I would suggest you open a Github issue for this requesting this enhancement (if it is already supported and we missed that then it should be documented). What do you think?

That's what I was afraid for.. I've opened up a PR for it last week: https://github.com/elastic/beats/pull/18116