Hi,
I'm running filebeat 7.14.0 to ingest Netflow data, which is then stored in Elasticsearch and viewed on Kibana. When I run "filebeat -e", I will see some logs generated by filebeat every 30s. The logs are similar to what on this page, but they are not exactly the same. For example, I see the parts below
"input":{"netflow":{"packets":{"received":12345}}}}
or
"input":{"netflow":{"flows":1234,"packets":{"dropped":2345,"received":12345}}}}
It seems like when there is only "received" in the log (first line), I don't get any data, but when there is "flows" (second line), then I'll see data on Kibana. Netflow data is definitely continuously coming in and presumably ingested by filebeat, even though I expect drops because the ingest rate is likely higher than what filebeat can handle (~2-4Gbps).
I would like to know how to interpret the logs so as to better understand what is going on, and calculate the drop rate.
Thank you.