I'm new to packetbeat and I just got it up and working. When I queried for some data, I noticed situations where the client.geo.country_iso_code field did not the same information as the source.geo.country_iso_code field. See this screenshot below:
I don't think I have a good grasp of what the difference is between client and source after reading the documentation:
My current grasp of the situation is that the client initiates the network connection and the source sends the data over a protocol. But why would the client and sender ever be two different things?
And likewise, why would the destination and host ever be different from each other?