There is no problem using Packetbeat and Topbeat, which are intended for the ELK (Elasticsearch, Logstash, Kibana) stack, with Splunk, as these can log to file:
...
These babies log a lot of data, so I configure the sample rate for Topbeat (this can also be done for Packetbeat) and change it from 10 to 60 seconds:
...