Hi, is there a way to configure packetbeat to verify availability of elasticsearch or logstash ingest pipeline on regular basis and if found unavailable store the logs locally, before sending them (again)?
An alternative would be to capture network connection details as part of sysmon and transfer Winlogbeat. However, I was wondering what is the way around for roaming clients who may use split tunnel or direct internet access without being connected to receivers (logstash/elasticsearch). How does beats plan to store logs and send in case ingest is not available?
Thank you.