Integration with Elasticsearch
NetFlow Optimizer (NFO) can send flow data to Elasticsearch. NFO outputs data in syslog or JSON format, which makes it indexable by Elasticsearch, where it can be visualized using the ELK stack. Filebeat, Logstash, or both can be used with NetFlow Optimizer.
Filebeat has a small footprint and uses fewer system resources than Logstash. Choose this option if you want to ship your flow data to Elasticsearch securely and reliably, as it supports back pressure and SSL and TLS encryption. However, Filebeat cannot add calculated fields at index time, which could be required for advanced analytics.
Logstash has a larger footprint, but enables you to filter and transform data, adding calculated fields at index time, if necessary.
For more information, see Integration with Elasticsearch.
Last modified 7mo ago