Packetbeat data visualisation to show data being sent and recieved by a host and where it's going to and from using domain names

Alistair_Hardy · February 28, 2017, 12:49pm

So I'm trying to work out how to create a graph in Kibana 5.2 using info from packetbeat that has logging hosts along the X axis and data transfered in GB along the Y axis.

The x axis for each host is split to incoming and outgoing traffic. The bars are then split into which hosts they went too, listed by their FQDN's if possible instead of their IP's.

The above is a mock up of the graph I'd like or if you could think of a better way to visualise the data.

I'm pretty new to the whole elastic stack so I'm still getting my head around manipulating the data.
I'm yet to get it to show the data using IP's let alone domain names.
One of the main issues with IP's though is that we're using LXC, IP's may change. That and IP's aren't exactly user friendly for the 'at a glance' look.

Brandon_Kobel · March 2, 2017, 3:01pm

@Alistair_Hardy with the current visualizations you can get really close to what you're looking for with the following vertical bar chart:

The above chart shows the sum of the bytes_in, and then you could create a separate chart for for the bytes_out.

I'd recommend opening up another topic in the Beats forum to see if there's a way to get the destination hostname, there might be a way to setup a processor or the ingest node to enrich the information with this data, but they'll be able to guide you in the proper direction.

system · March 30, 2017, 3:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.