I've set up ElastiFlow on my ELK Stack to serve as a NetFlow collector, but I noticed the visualizations showed different data from what I expected. Then I realized Kibana was using the flow.client_hostname index pattern field to show the data, when what I expected it to use was flow.src_hostname.
I've changed the fields used in the graphs, but I'm really curious what the difference is between flow.client_hostname and flow.src_hostname.
I expect the source IP address of that particular flow to be the "client" in that conversation; if that's not the case, what's the logic behind these fields (flow.client_hostname / flow.server_hostname / flow.autonomous_system)?
I've checked the Management section, but all I can find is that these indexes are of type String.
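To illustrate why a "client" field can differ from the "src" field in a NetFlow collector, here is an added example that is not ElastiFlow's own pipeline code. It assumes a common heuristic (the endpoint with the numerically lower port is treated as the server, since services listen on well-known or registered ports while clients use ephemeral ones); ElastiFlow's exact rule may differ. The Flow class, the classify function and the flow records are constructed for this example. Hostname fields would simply follow from resolving the chosen address.

```python
from dataclasses import dataclass
from typing import Dict

# IANA system ports are 0-1023; a port in this range almost always belongs to a service.
SYSTEM_PORT_MAX = 1023


@dataclass(frozen=True)
class Flow:
    """One unidirectional NetFlow record (only the fields that matter here).
    Constructed for this example; real records carry many more fields."""
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int


def classify(flow: Flow) -> Dict[str, object]:
    """Derive client/server fields from a flow's ports rather than its direction.

    Assumed heuristic (common in flow analytics, not claimed to be ElastiFlow's
    exact logic): the endpoint with the lower port is the server. Ties go to the
    destination. Because this ignores packet direction, the request flow and the
    reply flow of one TCP session get the same client and server.
    """
    if flow.dst_port <= flow.src_port:
        client = (flow.src_addr, flow.src_port)
        server = (flow.dst_addr, flow.dst_port)
    else:
        client = (flow.dst_addr, flow.dst_port)
        server = (flow.src_addr, flow.src_port)

    return {
        "client_addr": client[0],
        "client_port": client[1],
        "server_addr": server[0],
        "server_port": server[1],
        # True only when the guessed server port looks like a real service port.
        # Two ephemeral ports (peer-to-peer, NAT'd traffic) make the guess unreliable.
        "server_confident": server[1] <= SYSTEM_PORT_MAX,
        # Whether "client" coincides with "src" for this record.
        "client_is_src": client == (flow.src_addr, flow.src_port),
    }


if __name__ == "__main__":
    # Constructed records: the two halves of one HTTPS session, plus a peer-to-peer flow.
    request = Flow("10.0.0.5", 51234, "93.184.216.34", 443)
    reply = Flow("93.184.216.34", 443, "10.0.0.5", 51234)
    p2p = Flow("10.0.0.5", 51234, "10.0.0.9", 60000)
    for name, flow in (("request", request), ("reply", reply), ("p2p", p2p)):
        print(name, classify(flow))
```

For the reply record the source address is the web server, yet the derived client is still 10.0.0.5, so a visualization built on a client field aggregates both directions under the initiator while one built on src splits them. The server_confident flag is the caveat worth keeping: when both ports are ephemeral the heuristic is a coin toss, and a dashboard should not read too much into client/server for such flows.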