Netflow Exporters only from Filebeat Host

Yusran · March 19, 2024, 10:36am

Hi Team,

I just finished to Deploy Elastic Stack to Visualize Netflow data from several network devices, with the following deployment:

Network devices -> Filebeat (Netflow Module) -> Elasticsearch -> Kibana.

Filebeat, elasticsearch, and Kibana are deployed in the same host.

Everything is running properly and the Netflow data was successfully visualized on Kibana.
But just curious about one thing, why the flow Exporters chart is showing that the flow source is only from filebeat agent?
I hope that the original flow source (network device IP/Hostname) should be counted and visualized.
any one can help?

rtwolfe94022 · March 20, 2024, 4:16am

The issue arises because the Netflow data as processed and stored in Elasticsearch attributes the data source to Filebeat, not the original network devices. To fix this, ensure the correct source fields are used in your Elasticsearch mappings and Kibana visualizations, and verify Filebeat's Netflow module configuration to ensure it's accurately capturing and forwarding the network devices' IP addresses or hostnames.

Yusran · March 26, 2024, 2:54am

could you please the setting that need configure properly?

Topic		Replies	Views
Dont count sources bytes and destinations bytes in filebeat netflow Elasticsearch elastic-stack-monitoring	4	80	January 6, 2025
Filebeat + netflow module , there is nothing to visualize on kibana Beats beats-module , filebeat	14	5585	September 29, 2020
Netflow data not appears in Elastic search/Kibana Kibana	2	462	February 8, 2023
Netflow data not appears in Elastic search/Kibana Kibana	6	1706	March 8, 2023
Netflow Cisco IOSv no data complet data in elasticsearch Beats filebeat	4	273	May 2, 2024

Netflow Exporters only from Filebeat Host

Related topics