Hi,
Iam trying to create a dashboard in kibana for netflow where i need traffic volume by Avg Bits/s so that i can monitor the traffic volume.
in case of DDOS where the traffic volume is huge,i should be able to see that traffic volume in kibana
is there a way to configure the dashboard to achieve this.any help is much appreciated.thanks
Hey @venki522, you can do this using a derivative of the cumulative sum of the sum of netflow.bytes on a date histogram bucketed by second. The following screenshot will hopefully guide you down the right path:
Also, take a look at the Dashboards that are created by the Logstash Netflow module when using the --setup flag https://www.elastic.co/guide/en/logstash/current/netflow-module.html
Thank you Brandon for the reply.So netflow.bytes has both in_bytes and out_bytes since i dont see those fields in the netflow packet.
when i don the above my y-axis has got very big number and even minus.could i reduce it to shorter one and readable one.
moreover this is only on one index,how can i make this as graph a live one meaning the graph should show the volume in real time
thanks for the reply once again
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.