Netflow Cisco Switch

Elastic Stack Beats
1

I'm trying to visualize netflow traffic in a table
I set the metric to Sum of netflow.in_bytes and the value for today is
181,130,876,462

I set the bucket to the following to show top 10 usage and it's fairly low compared to the total

netflow.ipv4_dst_addr.keyword: Descending In Bytes
192.168.185.132 3,050,273,842
192.168.186.117 1,972,800,028
192.168.186.29 1,944,733,094
192.168.187.44 1,626,335,188
192.168.185.158 1,624,524,039
192.168.131.17 1,436,417,039
192.168.186.20 1,300,654,698
192.168.192.15 1,279,419,504
192.168.185.133 1,275,578,491
192.168.186.28 1,162,429,908

When I tick the missing values I still get the same result, I expect there to be more data compared to the total

Does anyone have any advice? Thanks

2

The sum of the top 10 is not going to be the same as the total because this doesn't account for the 11th through N other IP byte totals.

3

Thanks for your time to reply Andrew.
So the data is accurate but most of it is spread out between all the other ips that are not in top 10

Do you have a specific way of displaying this data yourself? I'm trying to set up my own dashboard and in process learn Kibana better.

I already have an input in logstash so not sure how to get the netflow dashboards without modifying anything else

Do I remove the existing input, filter and outputs for netflow and run
bin/logstash --modules netflow --setup -M netflow.var.input.udp.port=5046

 udp {
        tags => ["netflow"]
        type => "netflow"
        port => 5046
        codec => netflow {
                         versions => [9]
                         }
            }
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.