packetbeat.yml

packetbeat.interfaces.device: any
packetbeat.interfaces.snaplen: 1514
packetbeat.interfaces.type: af_packet
packetbeat.interfaces.buffer_size_mb: 100

packetbeat.flows:
  timeout: 30s
  period: 10s

packetbeat.protocols.dns:
  ports: [53]

packetbeat.protocols.http:
  ports: [8545, 8547]
  include_body_for: ["application/json"]
  processors:
#    - if:
#        equals:
#          url.path: "/"
#      then:
    - decode_json_fields:
         fields: [ "http.response.body.content" ]
         target: "_decoded_http_response" 

    - drop_fields:
        fields: ["_decoded_http_response"]

#    - if:
#        and: 
#          - has_fields: ["_decoded_http_response"]
#          - has_fields: ["_decoded_http_response.error"]
#      then:
#        add_fields:
#          target: "ethereum.rpc"
#          fields:
#            has_error: true
#      else:
#        add_fields:
#          target: "ethereum.rpc"
#          fields:
#            has_error: false
#
#    - if:
#        equals:
#          ethereum.rpc.has_error: false
#      then:
#        drop_fields:
#          fields: ["http.request.body.content", "http.response.body.content"]


packetbeat.protocols.memcache:
  ports: [11211]

packetbeat.protocols.mysql:
  ports: [3306]

packetbeat.protocols.pgsql:
  ports: [5432]

packetbeat.protocols.redis:
  ports: [6379]

packetbeat.protocols.thrift:
  ports: [9090]

packetbeat.protocols.mongodb:
  ports: [27017]

packetbeat.protocols.cassandra:
  ports: [9042]

packetbeat.protocols.tls:
  ports: [443, 993, 995, 5223, 8443, 8883, 9243]

processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~

output.elasticsearch:
  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
  username: '${ELASTICSEARCH_USERNAME:}'
  password: '${ELASTICSEARCH_PASSWORD:}'