I am concern with the winlogbeats sending information in the uncompressed form. Is there a way to set it to apply compression for sending information to elastic search?
If you want compression, you could use Winlogbeat -> Logstash -> Elasticsaerch. The Logstash output in Beats supports compression.
Thank you for your reply.
Just a clarification, is logstash output part of winlogbeat? Can I ensure that the winlogbeat client can send out information that is already compressed?