Graphs/ Analysis with IPFIX Custom templates

Hi,

I'm new to using elastiflow. I need few clarifications/help regarding usage of custom netflow fields.

I need to export a custom data as part of netflow/IPFIX message. I'm using pmacct tool as exporter and configured a custom field (customField1), I'm able to view that field as part of netflow messages in wireshark.
In the elastiflow UI, I can view the custom field in the Dashboard--> Flow Records section where each flow attributes are listed (I have attached images of these).

Selection_068

I have 2 requirements here.

  1. Will I be able to plot a graph or any other tool for viewing the flows or make queries based on this value similar to how protocols are differentiated.
  2. Will I be able to attach a string for different values of custom field I'm using (I'm referring the riverbed templates for mapping strings to values.)

Elasticflow is not an Elastic maintained plugin. Please ask Elasticflow questions on at https://github.com/robcowart/elastiflow

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.