Need help in Integrating 3rd party Zeek Plugins into SO 16.04


Cirrus

Feb 27, 2021, 10:25:25 AM
to security-onion
Hi, I would like to ask someone for advice regarding integrating 3rd party Zeek plugins into the ELK Stack in SO 16.04.

I have a SO 16.04 setup running in evaluation mode, with the ELK Stack and Zeek running. From what I understand, based on the documentation and trial-and-error testing, Zeek script output is passed to Logstash, indexed by Elasticsearch and then displayed in Kibana.

In my setup, I have included this 3rd party Zeek plugin: https://github.com/amzn/zeek-plugin-enip

This plugin has been successfully installed, and I do see enip.log and cip.log in the ../zeek/logs/current directory. However, the data in these files is not being populated to Kibana, and the dashboard will not display ENIP/CIP traffic. For plugins that come by default with the Zeek installation, the data is ingested by the ELK Stack and displayed in Kibana.

I would like to ask everyone what the steps are to get 3rd party Zeek plugin logs into the SO ELK Stack so that they can be visualized on the Kibana dashboard. Also, what are the detailed steps of how the ELK Stack integrates the data that is passed from Zeek?

Any help is much appreciated. Thank you.