Hi,
Version info: ELK version 5.6.1 on Ubuntu 16.01 LTS.
I am trying to come up with a Netflow soultion where as the ELK stack receives Netflow data then forwards on the raw unformatted Netflow data to an offsite provider.
I have ELK working and it's receiving the Netflow data, the Netflow module is working great.
I suspect I need to build a proxy server which performs the collection in Logstash and, using Filebeats, it ships it to both the ELK stack and and the offsite provider. My question is, can Filebeats send unformatted Netflow data or will it convert it to JSON for the stack to digest.
Any wisdom would be gratefully appreciated?
Thanks