I have ELK 8.17 (Elasticsearch-Logstash-Kibana-Filebeat) and send NetFlow from a router to Filebeat. I receive all of the NetFlow in ELK, but it doesn't count source bytes and destination bytes!!!
It just collects source and destination ports!!
First, I am curious: why are you running Filebeat -> Logstash -> Elasticsearch instead of just Filebeat -> Elasticsearch?
Are you following 3rd party documentation?
I generally recommend Filebeat -> Elasticsearch first... Why? Because Logstash adds extra complexity (and may not add any value), and if you do not do everything right, then the correct mappings and pipelines / parsing are not applied. Then the data, the mappings and the dashboards might not work right...
So my suggestion is to clean everything up and get Filebeat -> Elasticsearch working first using the netflow module.
Follow the steps in the Filebeat quick start and use the netflow module instead of the nginx module.
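
The Filebeat -> Elasticsearch setup suggested in the reply above, as an added configuration example that is not part of the original thread. The listen address, Elasticsearch and Kibana hosts, CA path and API key are placeholders, and port 2055 is an assumption that must match the router's export port.

```yaml
# modules.d/netflow.yml (enabled with: filebeat modules enable netflow)
- module: netflow
  log:
    enabled: true
    var:
      # Placeholder: bind to the collector interface the router exports to,
      # rather than every interface on the host.
      netflow_host: 192.0.2.10
      netflow_port: 2055        # assumption: match the router's export port
      internal_networks:
        - private

---
# filebeat.yml (direct to Elasticsearch, no Logstash in the path)
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml

output.elasticsearch:
  hosts: ["https://es.example.internal:9200"]        # placeholder host
  api_key: "<id>:<api_key>"                          # placeholder credential
  ssl.certificate_authorities: ["/path/to/ca.crt"]   # placeholder path

setup.kibana:
  host: "https://kibana.example.internal:5601"       # placeholder host
```

Running `filebeat setup -e` once against this output loads the index template and Kibana dashboards before Filebeat is started.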