I'm pretty new to ELK and I was hoping to get some help with a use case I have.
From our network we collect data in Elasticsearch with NetFlow, and we have an OpenVPN server from which we collect the logging with Beats.
Now we have the users connected to the VPN in the log files from OpenVPN, and we want to know what they are doing in the network, e.g. we want to enrich our NetFlow data with the user from OpenVPN.
What will be the best way to achieve this?
In the future I'm expecting lots more of these use cases.
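One way to do the join the question describes, as an added example that is not part of the original post or any reply: parse the OpenVPN server log into per-user sessions (tunnel address, connect time, disconnect time) and look up which session was open when each flow was seen. The lookup has to be time-aware, because OpenVPN hands pool addresses back out after a disconnect, so the same 10.8.0.x can belong to different users during one day; a plain IP-to-user map would misattribute traffic. This script assumes OpenVPN's default server log lines ("MULTI: Learn: <tunnel-ip> -> <cn>/<peer>" on connect, "<cn>/<peer> SIGTERM[...] received, client-instance exiting" on disconnect) and a simplified flow record with an ISO-8601 `ts` field; the log lines and flows are constructed samples, and the function and field names are mine.

```python
"""Enrich NetFlow records with the OpenVPN user behind a tunnel address.

Added illustration, not code from the original thread. Assumed: OpenVPN's
default server log format and a simplified flow record. All sample data is
constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Optional

# OpenVPN prefixes each server log line with a ctime-style stamp,
# e.g. "Tue Jun  4 10:01:12 2019".
OPENVPN_TS_FMT = "%a %b %d %H:%M:%S %Y"


@dataclass
class Session:
    user: str                        # OpenVPN common name (the client's identity)
    ip: str                          # tunnel address handed out from the pool
    start: datetime
    end: Optional[datetime] = None   # None: still connected at the end of the log


def parse_openvpn_log(lines: Iterable[str]) -> List[Session]:
    """Turn connect/disconnect lines into sessions. Pool addresses are reused,
    so the same IP can map to different users at different times."""
    sessions: List[Session] = []
    open_by_user: Dict[str, Session] = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 6:
            continue
        try:
            ts = datetime.strptime(" ".join(parts[:5]), OPENVPN_TS_FMT)
        except ValueError:
            continue                      # not a timestamped server line
        rest = parts[5:]
        if "Learn:" in rest:
            # "... MULTI: Learn: <tunnel-ip> -> <cn>/<peer-ip>:<port>"
            i = rest.index("Learn:")
            if len(rest) < i + 4:
                continue
            ip = rest[i + 1]
            user = rest[i + 3].split("/", 1)[0]
            session = Session(user, ip, ts)
            sessions.append(session)
            open_by_user[user] = session
        elif "client-instance" in rest and "exiting" in rest:
            # "<cn>/<peer-ip>:<port> SIGTERM[...] received, client-instance exiting"
            user = rest[0].split("/", 1)[0]
            session = open_by_user.pop(user, None)
            if session is not None:
                session.end = ts
    return sessions


def index_by_ip(sessions: Iterable[Session]) -> Dict[str, List[Session]]:
    """Group sessions by tunnel address, oldest first."""
    idx: Dict[str, List[Session]] = defaultdict(list)
    for s in sessions:
        idx[s.ip].append(s)
    for lst in idx.values():
        lst.sort(key=lambda s: s.start)
    return idx


def user_at(idx: Dict[str, List[Session]], ip: str, ts: datetime) -> Optional[str]:
    """Time-aware lookup: only a session open at `ts` may claim the flow.
    Returns None for non-VPN addresses and for gaps between sessions."""
    for s in idx.get(ip, ()):
        if s.start <= ts and (s.end is None or ts < s.end):
            return s.user
    return None


def enrich_flows(log_lines: Iterable[str], flows: Iterable[dict]) -> List[dict]:
    """Attach src_user / dst_user to each flow record (copies, input untouched)."""
    idx = index_by_ip(parse_openvpn_log(log_lines))
    enriched = []
    for flow in flows:
        ts = datetime.fromisoformat(flow["ts"])
        out = dict(flow)
        out["src_user"] = user_at(idx, flow["src_addr"], ts)
        out["dst_user"] = user_at(idx, flow["dst_addr"], ts)
        enriched.append(out)
    return enriched


# Constructed sample data: alice gets 10.8.0.6, disconnects, and the pool hands
# the same address to bob an hour later.
OPENVPN_LOG = [
    "Tue Jun  4 10:01:12 2019 alice/203.0.113.10:51820 MULTI: Learn: 10.8.0.6 -> alice/203.0.113.10:51820",
    "Tue Jun  4 10:45:03 2019 alice/203.0.113.10:51820 SIGTERM[soft,remote-exit] received, client-instance exiting",
    "Tue Jun  4 11:02:40 2019 bob/198.51.100.7:41002 MULTI: Learn: 10.8.0.6 -> bob/198.51.100.7:41002",
]
FLOWS = [
    {"ts": "2019-06-04T10:15:00", "src_addr": "10.8.0.6", "dst_addr": "192.168.1.20", "dst_port": 445},
    {"ts": "2019-06-04T10:50:00", "src_addr": "10.8.0.6", "dst_addr": "192.168.1.20", "dst_port": 445},
    {"ts": "2019-06-04T11:10:00", "src_addr": "192.168.1.20", "dst_addr": "10.8.0.6", "dst_port": 51820},
]

if __name__ == "__main__":
    for rec in enrich_flows(OPENVPN_LOG, FLOWS):
        print(rec["ts"], rec["src_addr"], "->", rec["dst_addr"],
              "src_user=%s dst_user=%s" % (rec["src_user"], rec["dst_user"]))
```

The second sample flow falls in the gap after alice disconnected and before bob connected, so it is deliberately left without a user rather than attributed to whoever held the address last; a session with no disconnect line is treated as still open. In a real deployment the same rule needs the OpenVPN server and the flow exporter to agree on time, so clock skew between them directly becomes attribution error around session boundaries.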
The use-case that you are describing - the ability to seamlessly work with multiple heterogeneous data sources, with a common suite of visualizations and analytics - is exactly what is provided by ElastiFlow's big brother... sýnesis
sýnesis is – reasoning that joins implicit (indirect) truths for comprehension, facts joined together for holistic understanding.
If you are interested in learning how you can take a significant step up from ElastiFlow, and seamlessly leverage data from ALL of your sources, please reach out to me at rob@koiossian.com.