Feature Request Flowbeat!

Love the packet beat analyzer! Are there future plans for analyzing flows? i.e. sFlow, NetFlow?

1 Like

Yes, a beat for flows (flowbeat or something) would make sense to me.

1 Like

+1
and IPFIX :slight_smile:

3 Likes

For now, there is also a way to get Netflow data into Elasticsearch via Logstash using the UDP input and a Netflow codec:
https://www.elastic.co/guide/en/logstash/current/plugins-codecs-netflow.html
http://blogs.cisco.com/security/step-by-step-setup-of-elk-for-netflow-analytics

+1
This would be great

+1
I would like to see this feature.

+1
Something like http://www.pmacct.net/ with direct elasticsearch integration would be great!

Take a look at: https://github.com/FStelzer/flowbeat
It's still a prototype and not all available sFlow data is parsed yet, but for collecting network metrics from my Brocade routers it works rather well.
Feel free to add parsers to the underlying sflow lib :slightly_smiling:

Please be aware that the exported data format will change! Currently it shoves the on-wire data structure directly into Elasticsearch, which makes metrics on certain fields rather hard.

Cool, @FStelzer! You might want to open a pull request to add it https://github.com/elastic/beats/blob/master/libbeat/docs/communitybeats.asciidoc

I can also add it for you if you prefer.

1 Like

I know it's an old thread... I've been using PMACCT for sFlow and NetFlow capture. It has a module to integrate with RabbitMQ. Logstash pulls from RabbitMQ and forwards on to Elastic. The fields are set up by PMACCT, so the whole transaction is pretty simple and straightforward. http://www.pmacct.net/

Good luck, have you tried using it? Almost every posting about it is the exact same:

[2017-06-27T18:50:42,504][WARN ][logstash.codecs.netflow ] No matching template for flow id 34237
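A Logstash pipeline for the UDP-input-plus-netflow-codec route mentioned earlier in the thread, as an added example that is not from any poster. The port, index name, Elasticsearch host and cache path are assumptions; the template cache settings are the codec's documented options for keeping NetFlow v9/IPFIX templates across restarts, which is the usual cause of the "No matching template" warning quoted above.

```conf
# Added example (not from the thread): Logstash pipeline receiving NetFlow v5/v9
# and IPFIX over UDP with the netflow codec, then indexing into Elasticsearch.
# Port, index name, host and cache path are assumed values; adjust for your site.
input {
  udp {
    port  => 2055                       # assumed collector port the exporters send to
    codec => netflow {
      versions => [5, 9, 10]            # 10 = IPFIX
      # NetFlow v9/IPFIX data records can only be decoded once the matching
      # template has arrived. Persisting the template cache avoids a burst of
      # "No matching template for flow id N" warnings after every Logstash
      # restart, which otherwise lasts until each exporter re-sends templates.
      cache_ttl       => 4000
      cache_save_path => "/var/lib/logstash/netflow"   # assumed path, must be writable
    }
    workers    => 2
    queue_size => 4000                  # larger buffer so exporter bursts are not dropped
  }
}

# The udp input records the exporter's source address in the "host" field,
# so each flow record stays attributable to the router that exported it.
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]  # assumed
    index => "netflow-%{+YYYY.MM.dd}"
  }
}
```

Warnings that still appear right after startup are expected until every exporter has sent its templates once; if they persist, compare the flow id in the warning against the exporter's configured template refresh interval.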

The suggestions for this information are very interesting.