input-osquery-output-kafka.conf

gistfile1.txt

input {
   file {
      path => [
         "/var/log/osquery/result.log"
      ]
   }
}
filter {
  json {
    source => "message"
    target => "osquery"
  }
}
output {
  kafka {
    bootstrap_servers => "<IP ADDRESS OF SITECOLLECTOR>:9093"
    codec => json
    ssl_keystore_location=>"/opt/certs/kafka.keystore.jks"
    ssl_keystore_password=>"exabeam"
    ssl_truststore_location=>"/opt/certs/kafka.truststore.jks"
    ssl_truststore_password=>"exabeam"
    ssl_endpoint_identification_algorithm=>""
    security_protocol=>"SSL"
    compression_type => "snappy"
    topic_id => "lms.kafka.topic"
    }
}