filebeat +elk


We are using filebeat to feed our bro 2.5.3 logs into logstash for a small 5 node elastic stack cluster. We’re running elastic 6.0.x currently and are in the process of upgrading to 6.2. This is just a staring point for us and it seems to be working well. We’re not doing any json output from bro, but the native file format with logstash side processing is working fine. Below are the files I’m currently feeding into elastic.