cleesmith
commented
8 years ago It turns out that cloning filebeat was not a good idea, but instead to start with libbeat then add code to handle unified2 files. So this is no longer given the recent changes.
For the most part, try to stay in lockstep with the latest changes/enhancements in Filebeat. Currently, both libbeat and filebeat are changing a lot, but once they settle down then review that code and apply any needed changes to unifiedbeat.