Hi,
If, i do port mirroring and then dump logs to packetbeat. Will i, be able to preserbe the client_ip of the mirrored port.
Wanted to know about the outcome before trying it on my own.
Since you are receiving a copy of the packets when using a port mirror, the packets will their original client_ip and ip (and all other data). If your mirror port includes any VLAN encapsulation in the packets then make sure to set with_vlan: true in your interfaces configuration.
Thanks a lot @andrewkroh