Correlate two indexes

Bjorn_Timmer · October 8, 2018, 11:55am

Hi,

I'm pretty new to ELK and I was hoping to get some help with a use case I have.

From our network we collect data in elasticsearch with netflow and we have a openvpn server from which we collect the logging with beats.

Now we have the users connected with the VPN in the log files from OpenVPN and we want to now what is doing in the network, e.g. we want to enrich our netflow data with the user from openvpn.

What will be the best way to achieve this?

In the future I'm expecting lots more of these use cases.

bhavyarm · October 11, 2018, 11:05am

Hi,

So you can build visualizations with either saved searches or directly on index patterns. And then build a dashboard with those visualizations.

If you use filters on these dashboards - you can control what gets displayed and correlate
those index patterns.

Thanks,
Bhavya

rcowart · October 25, 2018, 11:56am

@Bjorn_Timmer I believe you are already using ElastiFlow for netflow data.

The use-case that you are describing - the ability to seamlessly work with multiple heterogeneous data sources, with a common suite of visualizations and analytics - is exactly what is provided by ElastiFlow's big brother... sýnesis

sýnesis is – reasoning that joins implicit (indirect) truths for comprehension, facts joined together for holistic understanding.

If you are interested in learning how you can take a significant step up from ElastiFlow, and seamlessly leverage data from ALL of your sources, please reach out to me at rob@koiossian.com.

system · November 22, 2018, 11:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.