Skip to main content
Version: 2.10.0

OpenSearch

Use this output type to send NFO data to OpenSearch (e.g. Amazon OpenSearch Service).

ParameterDescription
URLscomma separated list of https endpoints
IndexOpenSearch index name. This a required field. Index can be a constant string or a pattern like nfo-${nfc_id}-${time:yyyy.MM.dd}, where ${nfc_id} and ${time} are substituted from the json message. Time format is required and separated by a colon from the time field name. Patterns for formatting is available here: https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/time/format/DateTimeFormatter.html
UsernameOpenSearch authentication usename. May be empty, if client certificate authentication is used
PasswordOpenSearch authentication password. May be empty, if client certificate authentication is used
TLS client cert PEM fileAbsolute path to the client certificate PEM file for authentication. May be empty, if username/password authentication is used
TLS client key PEM fileAbsolute path to the client key PEM file. The key mast be password encoded. Field may be empty, if username/password authentication is used
TLS client key passwordClient key password. This is a required field, when key file is provided
TLS trust certs PEM file(optional) Absolute path to OpenSearch http endpoints certificates. May be empty, if certificates are signed using any global CA
Index template nameTemplate name inside OpenSearch. For more information, visit https://opensearch.org/docs/latest/opensearch/index-templates/
Index template fileAbsolute path to the json index template file. NFO is installed with template file ${nfo_home}/etc/opensearch-index-template.json
Report threadsOutput threads count (default is 2). This is the number of threads allocated to receive NetFlow data messages produced by NFO and sent to OpenSearch
Report intervalTime interval in seconds between report threads executions (default is 10)
Max body sizeMaximum message size in bytes. NFO combines several messages into one bulk request. Default is 4,000,000
nfc_id filterComma separated list of NFO Modules’ nfc_ids to be send to OpenSearch. This is optional parameter, if not set, all messages are sent