Hi, looking for some help getting over the last hurdle...
I'd like to amend the MB Inbound/Outbound Traffic visualization (the real-time data rate metric) and use it on my netflow data (coming in via ELK's logstash netflow module) to give me the data rates of my netflow source IPs.
Currently the logstash netflow module will only let me do this in timelion and give me a graph. However, the MB metric is really nice as I can set clear thresholds when data rates go above a certain level (turning background red etc).
I've been playing around with the MB vis (which I accept is experimental) but I feel this should be possible.
This is what I've done:
- The corresponding field to MB's system.network.in.bytes in the netflow index is netflow.bytes, so I've amended the vis to use this field.
- Updated the field type in the index to 'bytes'
- Changed 'group by' to netflow.src_add
- Updated the Vis index pattern to match netflow data
- Removed the Panel Filter (only because I could think what to put instead to work with the netflow)
Below is what I'm left with
So I get data coming through, but I don't think the calculations are right. I am using the flowalyzer netflow generator to test; from what I've set, I reckon the values I'm getting are too low.
Is what I'm trying to do possible, and does the above look like the right config?
Thanks