Good afternoon, I ran into a problem, for some reason, after using ElastiFlow 4.0.1 on Dash Board for a while, the circles on dashboard began to distort, unfortunately ElastiFlow switched to the commercial version and closed the branch on GitHub, now there is no way to ask them about their open source ElastiFlow 4.0.1
The project has been working for about a month and now bugs with visualization in Kibana have started. Perhaps someone has come across such a bug or have thoughts about it, thanks!
Kibana version: 7.8.1
P.S. When I apply some filters, reduce the number of objects, the problem is solved. For Dashboard, I used a standard template from the ElastiFlow project elastiflow.kibana.7.8.x.ndjson
The solution that will give you the least headaches going forward would be to look at their visualizations and recreate them using Lens or something else. This way you can pinpoint what triggers the error and adjust it to your liking.
If I understand correctly, you mean re-create elastiflow.kibana.7.8.x.ndjson by myself using Lens? If this is what you meant to say, then I will try to learn how to create a dashboard through the lens. Thank you Marius.
To clear up a possible misunderstanding... there is still a free version of ElastiFlow. You can use the new ElastiFlow collector with no license key or with the free Basic Tier license for up to 4000 flow records/sec. The collector will need only a single CPU core at that flow rate. With Logstash and the old ElastiFlow you will need about 16 cores for the same data volume. The new solution also includes more features, more dashboards, and if you have the commercial version of the Elastic Stack you get 110+ ML jobs and 90+ alerts. The collector can also be configured to output records in ECS, and can even automatically setup ILM w/rollover.
Using Logstash for netflow was never a great idea. It has well documented issues handling netflow/IPFIX templates properly, and lacks any way to support enrichment via option records. Add that and other limitations to the poor performance, and the decision to move to a new solution was an easy one to make.
Hello, thank you for the reply. When I tried to use the commercial version, I ran into a problem when I use the installation via doker, I just can’t start the project, I follow the instructions on your official website, but I can’t start the project, and I can’t Elasticsearch. It is difficult to launch a project, guided by the instructions on your site, I probably found out that the problem may lie in the ES security settings, which is initially present in docker-compose.yaml, even changing these settings, nothing happend end project not work properly...
Following the instructions, running containers does not work. The instruction is not complete, as for me, you need to initially have the huge skills of the ES, just like that without additional knowledge, I did not succeed in launching ElastiFilov 5 + ES + Kibana via docker-compose.
The docker-compose files in that section are examples, not instructions. You can use them as a starting point, but you would still have to edit them for things like data path, IP address, etc. You would also need to prepare the data mount point and give it the proper permissions.
In your non-commercial version, there was a ready-made project for launching through the docker-compose and detailed instructions, but in your commercial version there are no instructions and it’s not clear how to start it all, you can’t even test it without spending a few days to make it all work, still doesn't work for me...
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
