Kibana default netflow dashboards

venki522 · May 25, 2018, 6:04am

iam using netflow module for elk stack.iam not able to see the default dashboard in kibana for netflow .Any idea,can some one help on this.

Marius_Dragomir · May 25, 2018, 9:18am

Hello,

Did you start Logstash with the --setup flag in order to install the Netflow dashboards in Kibana?
bin/logstash --modules netflow --setup -M netflow.var.input.udp.port=NNNN
https://www.elastic.co/guide/en/logstash/current/netflow-module.html

venki522 · May 25, 2018, 9:19am

it is already started and i see in the discover tab the data but only dashboards are not displayed

Marius_Dragomir · May 25, 2018, 9:21am

You can get netflow data even without the --setup flag, that flag only installs the dashboards.

venki522 · May 25, 2018, 9:28am

.Thanks..so do we need to run that command and stop it or run it in the background

Marius_Dragomir · May 25, 2018, 9:30am

if you run it just once, it should be enough to get the dashboards set up and keep your command running that just ingests the Netflow data.

venki522 · May 25, 2018, 9:34am

so the command need to run continuously to ingest netflow data.So i stop the command the data shown in the dashboard will be stopped.

is there any other way so that netflow data is seen on the dashboard

venki522 · May 25, 2018, 9:36am

iam also getting this error

[INFO ] 2018-05-25 09:35:46.616 [[module-netflow]<udp] udp - Starting UDP listener {:address=>"0.0.0.0:2055"}
[WARN ] 2018-05-25 09:35:46.618 [[module-netflow]<udp] udp - UDP listener died {:exception=>#<Errno::EADDRINUSE: Address already in use - bind - Address already in use>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:190:in bind'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-udp-3.2.1/lib/logstash/inputs/udp.rb:95:inudp_listener'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-input-udp-3.2.1/lib/logstash/inputs/udp.rb:56:in run'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:516:ininputworker'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:509:in `block in start_input'"]}

Marius_Dragomir · May 25, 2018, 9:36am

You can keep running the command like you were running it before, as long as it was run at least once with the setup flag. Logstash has to run to ingest data and it has to run at least once with --setup for the Netflow module dashboards to be installed. After that, the dashboards are there to stay.

system · June 22, 2018, 9:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.