IPFIX processing Setup plan & queries

Hi Everyone,

I have few questions reg. processing of IPFIX logs originating from "Thunder CFW | A10 network" exporter. Would not be able to change different network exporter product or any installation in source side since it is a third party component.

ThirdParty (with A10 network exporter) -> ELK stack.

ELK Stack Version : 7.10

Setup plan:

1. Source -> Logstash (netflow codec) -> Elastic -> Kibana
2. Source -> Filebeat (netflow module) -> Logstash(if necessary) -> Elastic


  1. I would like to know which of the setup plan mentioned above would be the right approach
  2. While reading the official documentation, came across something as ipfix.yaml which is ipfix definitions. But couldnt understand as what it signifies or what is PEN or get more information about it as how to write a custom one?

Can someone help me with few clarifications please?


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.