Netflow Exporters only from Filebeat Host

Yusran · March 19, 2024, 10:36am

Hi Team,

I just finished to Deploy Elastic Stack to Visualize Netflow data from several network devices, with the following deployment:

Network devices -> Filebeat (Netflow Module) -> Elasticsearch -> Kibana.

Filebeat, elasticsearch, and Kibana are deployed in the same host.

Everything is running properly and the Netflow data was successfully visualized on Kibana.
But just curious about one thing, why the flow Exporters chart is showing that the flow source is only from filebeat agent?
I hope that the original flow source (network device IP/Hostname) should be counted and visualized.
any one can help?

rtwolfe94022 · March 20, 2024, 4:16am

The issue arises because the Netflow data as processed and stored in Elasticsearch attributes the data source to Filebeat, not the original network devices. To fix this, ensure the correct source fields are used in your Elasticsearch mappings and Kibana visualizations, and verify Filebeat's Netflow module configuration to ensure it's accurately capturing and forwarding the network devices' IP addresses or hostnames.

Yusran · March 26, 2024, 2:54am

could you please the setting that need configure properly?

system · April 23, 2024, 4:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.