I am running an ELK stack 6.2 on Ubuntu 16.04. I have NetFlow configured on my Cisco ASA 5515 to come to the server. I can see from tshark that the packets are coming. When I debug Logstash I can see it is getting the data. But when I go to Kibana and look at any of the dashboards, I am not getting bytes or packets. I get flow counts, cities, destination IP, source IP, etc. I have another product on a Windows machine gathering the data from the ASA and it goes through perfectly and shows me the bytes and everything. What am I missing?
The Logstash Netflow module was based on ElastiFlow v1.0.0 and is quite dated. Currently ElastiFlow is at v2.1.0 and includes A LOT more functionality. Most important in your case is support for ASA bi-directional flows. This is most likely the reason you don't get bytes and packets.
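Added example (Python; not code from this thread, from Logstash or from ElastiFlow) showing why a consumer written for one-direction-per-record NetFlow reports flows but zero bytes when fed ASA bidirectional (NSEL) records, and what summing both directions gives instead. Field names are IANA IPFIX names rather than the codec's exact output, and the sample records are constructed.

```python
# A classic NetFlow v5/v9 record carries one direction per record, with
# octetDeltaCount (IPFIX IE 1) and packetDeltaCount (IE 2), which the Logstash
# netflow codec surfaces as in_bytes / in_pkts. ASA NSEL instead exports one
# bidirectional record with initiatorOctets / responderOctets (IE 231 / 232)
# and initiatorPackets / responderPackets (IE 298 / 299).
from typing import Optional, Tuple

UNIDIRECTIONAL = ("octetDeltaCount", "packetDeltaCount")
BIDIRECTIONAL = (("initiatorOctets", "responderOctets"),
                 ("initiatorPackets", "responderPackets"))


def naive_totals(record: dict) -> Tuple[int, int]:
    """What a v5/v9-only consumer does: read the unidirectional counters and
    silently fall back to zero when they are absent. The flow is still counted
    (source/destination/geo fields are present), so dashboards show flows but
    no bytes or packets, exactly the symptom in the question."""
    return (int(record.get("octetDeltaCount", 0)),
            int(record.get("packetDeltaCount", 0)))


def flow_totals(record: dict) -> Optional[Tuple[int, int]]:
    """Return (bytes, packets) for a decoded flow record, handling both
    unidirectional and ASA bidirectional counters; None when neither kind of
    counter is present, so the gap is visible instead of recorded as zero."""
    if all(k in record for k in UNIDIRECTIONAL):
        return int(record["octetDeltaCount"]), int(record["packetDeltaCount"])
    (ib, rb), (ip, rp) = BIDIRECTIONAL
    if all(k in record for k in (ib, rb, ip, rp)):
        # Bidirectional record: the dashboard's per-flow bytes/packets are
        # the initiator and responder directions summed.
        return (int(record[ib]) + int(record[rb]),
                int(record[ip]) + int(record[rp]))
    return None


# Constructed sample records (documentation-range addresses, made-up counters).
ROUTER_FLOW = {"sourceIPv4Address": "192.0.2.5", "destinationIPv4Address": "203.0.113.10",
               "octetDeltaCount": 5120, "packetDeltaCount": 12}
ASA_NSEL_FLOW = {"sourceIPv4Address": "192.0.2.5", "destinationIPv4Address": "203.0.113.10",
                 "initiatorOctets": 1400, "responderOctets": 38000,
                 "initiatorPackets": 9, "responderPackets": 31}

if __name__ == "__main__":
    for name, rec in (("router", ROUTER_FLOW), ("asa", ASA_NSEL_FLOW)):
        print(name, "naive:", naive_totals(rec), "direction-aware:", flow_totals(rec))
```

Running it shows the router record giving the same totals either way, while the ASA record yields (0, 0) from the naive reader and (39400, 40) once both directions are summed.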