Hi,
I'm new to using elastiflow. I need few clarifications/help regarding usage of custom netflow fields.
I need to export a custom data as part of netflow/IPFIX message. I'm using pmacct tool as exporter and configured a custom field (customField1), I'm able to view that field as part of netflow messages in wireshark.
In the elastiflow UI, I can view the custom field in the Dashboard--> Flow Records section where each flow attributes are listed (I have attached images of these).
I have 2 requirements here.
- Will I be able to plot a graph or any other tool for viewing the flows or make queries based on this value similar to how protocols are differentiated.
- Will I be able to attach a string for different values of custom field I'm using (I'm referring the riverbed templates for mapping strings to values.)