Hi,
Iam trying to create a dashboard in kibana for netflow where i need traffic volume by Avg Bits/s so that i can monitor the traffic volume.
in case of DDOS where the traffic volume is huge,i should be able to see that traffic volume in kibana
is there a way to configure the dashboard to achieve this.any help is much appreciated.thanks
Hey @venki522, you can do this using a derivative of the cumulative sum of the sum of netflow.bytes on a date histogram bucketed by second. The following screenshot will hopefully guide you down the right path:
Also, take a look at the Dashboards that are created by the Logstash Netflow module when using the --setup flag https://www.elastic.co/guide/en/logstash/current/netflow-module.html
Thank you Brandon for the reply.So netflow.bytes has both in_bytes and out_bytes since i dont see those fields in the netflow packet.
when i don the above my y-axis has got very big number and even minus.could i reduce it to shorter one and readable one.
moreover this is only on one index,how can i make this as graph a live one meaning the graph should show the volume in real time
thanks for the reply once again
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.