Hi,
What are the traffic requirements
of packetbeat in order to capture HTTP transactions from a third
computer using the SPAN interface of a router? Is it mandatory to be the
sender or receiver of the HTTP traffic? If so, is there any way to
override these constraints?
Also, is there any detailed benchmark available about packetbeat performance?
Ada
I would also like to have a detailed test of packetbeat. Other tools like logstash mention some benchmarks but packetbeat documentation just says different results for different capture systems such as pcap, pf_ring and af_packet. They say pf_ring is able to sniff Gigabits per second but there is nothing about packetbeat performance. 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.