I am currently working to generate a real time network topology based off NetFlow data (using the Logstash module for ingestion) then using graph to visualize it.
My current settings:
significant links: off
Certainty: 1
Diversity field: none
filter: *
This currently works well to show the links between devices but I was curious if there was a way to use aggregations for the vertices. I am looking to see the sum of bytes transferred or number of packets instead of the current setting of doc count. Any advice would be greatly appreciated.
Using drill-down links [1] it is possible to show extra information on selected nodes using external URLs eg to take you off to other parts of Kibana to use other visualisations. The heatmap visualization is one example of a visualization where you can use a 2d grid of terms to break down interactions between these entities, totalling bytes or whatever.
If you want to hand-roll your own custom visualization (eg time sliders to filter lines, lines sized by bytes transferred, horizontal swimlanes for IPs with vertical lines representing comms over time etc) then link out to your own app with the nodes list and then use the new adjacency_matrix aggregation to get temporal, financial etc summaries behind all the connecting lines.
Thank you so much @Mark_Harwood The drill-down links did the trick!
I noticed that you can change the icon color if you group items but I was wondering if there is any way to change the icon once they are grouped? I ask because I am grouping machines that are chained together, such that they play the role of both src ip and dst ip and once I have grouped those IPs I want to set unique icons for each.
Thanks,
Andrew Moreau
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.