OpenSearch
Use this output type to send NFO data to OpenSearch (e.g. Amazon OpenSearch Service).
| Parameter | Description |
|---|---|
| URLs | comma separated list of https endpoints |
| Index | OpenSearch index name. This a required field. Index can be a constant string or a pattern like nfo-${nfc_id}-${time:yyyy.MM.dd}, where ${nfc_id} and ${time} are substituted from the json message. Time format is required and separated by a colon from the time field name. Patterns for formatting is available here: https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/time/format/DateTimeFormatter.html |
| Username | OpenSearch authentication usename. May be empty, if client certificate authentication is used |
| Password | OpenSearch authentication password. May be empty, if client certificate authentication is used |
| TLS client cert PEM file | Absolute path to the client certificate PEM file for authentication. May be empty, if username/password authentication is used |
| TLS client key PEM file | Absolute path to the client key PEM file. The key mast be password encoded. Field may be empty, if username/password authentication is used |
| TLS client key password | Client key password. This is a required field, when key file is provided |
| TLS trust certs PEM file | (optional) Absolute path to OpenSearch http endpoints certificates. May be empty, if certificates are signed using any global CA |
| Index template name | Template name inside OpenSearch. For more information, visit https://opensearch.org/docs/latest/opensearch/index-templates/ |
| Index template file | Absolute path to the json index template file. NFO is installed with template file ${nfo_home}/etc/opensearch-index-template.json |
| Report threads | Output threads count (default is 2). This is the number of threads allocated to receive NetFlow data messages produced by NFO and sent to OpenSearch |
| Report interval | Time interval in seconds between report threads executions (default is 10) |
| Max body size | Maximum message size in bytes. NFO combines several messages into one bulk request. Default is 4,000,000 |
| nfc_id filter | Comma separated list of NFO Modules’ nfc_ids to be send to OpenSearch. This is optional parameter, if not set, all messages are sent |