Afternoon -
I'm new to Elasticsearch and want to see if it's possible to connect to a VeloCloud API to pull and analyze logs from the VeloCloud orchestrator. We've been struggling getting back any real content over SNMP. Any help is appreciated.
Elasticsearch itself doesn't pull logs from anywhere, you need something else to push logs into ES. Try the Logstash forum for help with that.
However, if the problem is that the data is not available to be pulled then you'll need to find someone with VeloCloud expertise to work out what to do about that.
This question probably belongs more in the Beats/Elastic Agent/Logstash category.
Regarding the API (I'm not familiar with it), there is this article about it: Extracting VMware Velocloud SD-WAN events with Elastic Stack | SkinnyNetTech. It's a bit old, but the Filebeat part still seems roughly accurate. You could also possibly try translating it into the Elastic Agent Custom API Integration for a more modern approach.
Regarding SNMP, in my opinion this is probably the weakest part of the Elastic Stack when it comes to observability. The best way I've found to do SNMP with Elastic is to actually use the Prometheus snmp_exporter to handle the SNMP part, and then use the Elastic Prometheus Exporter Collector integration to scrape the snmp_exporter and ingest data into Elasticsearch.
Thank you for the assist, I will look at Logstash and see what I can find out.
Appreciate the help
The best way to poll SNMP and send it to Elasticsearch is to use the ElastiFlow SNMP Collector. Follow the link to the documentation.
If you are collecting IPFIX flow data from VeloCloud, you should also look at ElastiFlow's Flow Collector. It is the only one I know of that properly handles the bi-directional flow records sent by VeloCloud. From the changelog:
Bi-Directional Flows - Bi-directional records, as sent by VeloCloud SD-WAN and certain Cisco and other devices, are now split into two uni-directional records, enabling the full ElastiFlow feature set to be applied to both directions represented in the original record.
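To make the split described in that changelog entry concrete, here is an added illustration (my own example, not ElastiFlow's code): it takes one bi-directional record, keyed by the IPFIX biflow field names from RFC 5103 (forward counters plus reverse* counters on the same record, an assumption about the exporter's naming), and emits two uni-directional records with the endpoints swapped so the per-direction byte and packet counts survive for analysis.

```python
# Counter fields that exist in a forward and a reverse* variant (RFC 5103 naming).
COUNTERS = ("octetDeltaCount", "packetDeltaCount")

# Endpoint fields swapped when the reverse direction becomes its own record.
SWAPS = (
    ("sourceIPv4Address", "destinationIPv4Address"),
    ("sourceTransportPort", "destinationTransportPort"),
)


def _reverse_name(field: str) -> str:
    # "octetDeltaCount" -> "reverseOctetDeltaCount"
    return "reverse" + field[0].upper() + field[1:]


def split_biflow(record: dict) -> list:
    """Return one or two uni-directional records for a flow record.

    A record without reverse* counters is passed through as a single forward
    record. Otherwise the forward record keeps its own counters, and the
    reverse record gets swapped endpoints plus the reverse* counters, so the
    byte and packet totals of each direction are preserved.
    """
    reverse_fields = {_reverse_name(c): c for c in COUNTERS}
    if not any(f in record for f in reverse_fields):
        return [dict(record, flowDirection="forward")]

    forward = {k: v for k, v in record.items() if k not in reverse_fields}
    forward["flowDirection"] = "forward"

    reverse = dict(forward)
    for a, b in SWAPS:
        if a in record or b in record:
            reverse[a], reverse[b] = record.get(b), record.get(a)
    for rev_name, fwd_name in reverse_fields.items():
        reverse[fwd_name] = record.get(rev_name, 0)
    reverse["flowDirection"] = "reverse"
    return [forward, reverse]


# Constructed sample: one biflow as a VeloCloud-style exporter might send it.
SAMPLE_BIFLOW = {
    "sourceIPv4Address": "10.0.0.5", "destinationIPv4Address": "203.0.113.9",
    "sourceTransportPort": 51234, "destinationTransportPort": 443,
    "protocolIdentifier": 6,
    "octetDeltaCount": 1500, "packetDeltaCount": 12,
    "reverseOctetDeltaCount": 48000, "reversePacketDeltaCount": 40,
}

if __name__ == "__main__":
    for rec in split_biflow(SAMPLE_BIFLOW):
        print(rec)
```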