I've set up ElastiFlow on my ELK Stack to serve as a NetFlow collector, but I noticed the visualizations showed different data to what I expected. Then I realized Kibana was using
flow.client_hostname index pattern as the field to show the data, when what I expected to use was
I've changed the fields used in the graphs, but I'm really curious what would be the difference between
I expect the source IP address from that particular flow to be the "client" in that conversation. If that's not the case, what's the logic behind these fields "flow.client_hostname/flow.server_hostname/flow.autonomous_system"?
I've checked in the Management section, but all I can find is that these indexes are String.