Packetbeat supports capturing all messages sent or received by the server on which Packetbeat is installed:
packetbeat.interfaces.device: any
But when I set the output to Elasticsearch, I found that the field interface.device does not exist on its log . In other words, How to distinguish netflow from different interface device in log?
Wi @492917328 welcome to the community!
Look at the interface fields here
interface.name
Interface name as reported by the system.type: keyword
example: eth0
And
interface.id
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.