Netflow Exporters only from Filebeat Host

Yusran · March 19, 2024, 10:36am

Hi Team,

I just finished to Deploy Elastic Stack to Visualize Netflow data from several network devices, with the following deployment:

Network devices -> Filebeat (Netflow Module) -> Elasticsearch -> Kibana.

Filebeat, elasticsearch, and Kibana are deployed in the same host.

Everything is running properly and the Netflow data was successfully visualized on Kibana.
But just curious about one thing, why the flow Exporters chart is showing that the flow source is only from filebeat agent?
I hope that the original flow source (network device IP/Hostname) should be counted and visualized.
any one can help?

rtwolfe94022 · March 20, 2024, 4:16am

The issue arises because the Netflow data as processed and stored in Elasticsearch attributes the data source to Filebeat, not the original network devices. To fix this, ensure the correct source fields are used in your Elasticsearch mappings and Kibana visualizations, and verify Filebeat's Netflow module configuration to ensure it's accurately capturing and forwarding the network devices' IP addresses or hostnames.

Yusran · March 26, 2024, 2:54am

could you please the setting that need configure properly?

system · April 23, 2024, 4:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch 7.4 Netflow questions Logstash or filebeat WTF? Elasticsearch	6	1433	November 1, 2019
Filebeat + netflow module , there is nothing to visualize on kibana Beats beats-module , filebeat	14	5231	September 29, 2020
Filebeat Netflow not getting to Kibana Beats filebeat	4	392	July 13, 2020
Netflow data not appears in Elastic search/Kibana Kibana	6	1449	March 8, 2023
Filebeat multiple sources netflow module Beats beats-module , filebeat	3	502	August 6, 2020

Netflow Exporters only from Filebeat Host

Related Topics