Network flow Monitoring (Netflow, sFlow and IPFIX) with the Elastic Stack

ElastiFlow™

ElastiFlow™ provides network flow data collection and visualization using the Elastic Stack (Elasticsearch, Logstash and Kibana). It supports Netflow v5/v9, sFlow and IPFIX flow types (1.x versions support only Netflow v5/v9).

I was inspired to create ElastiFlow™ following the overwhelmingly positive feedback received to an article I posted on LinkedIn: "WTFlow?! Are you really still paying for commercial solutions to collect and analyze network flow data?"

User Testimonials

Organization Feedback
ESnet "Right now this is my personal favorite analytics tool. I use it extensively and am always finding a new way to leverage it."
Payback "We're using it since two months in our new datacenter and our network admins are very happy and impressed."
Catapult Systems "Of all the netflow tools I’ve tested it has, by far, the best visualizations."
Imagine Software "We absolutely love ElastiFlow and recently stood it up in production. Looking forward to new functionality and dashboards."

Getting Started

ElastiFlow™ is built using the Elastic Stack, including Elasticsearch, Logstash and Kibana. Please refer to INSTALL.md for instructions on how to install and configure ElastiFlow™.

Provided Dashboards

The following dashboards are provided.

NOTE: The dashboards are optimized for a monitor resolution of 1920x1080.

Overview

Top-N

There are separate Top-N dashboards for Top Talkers, Services, Conversations and Applications.

Sankey

There are separate Sankey dashboards for Client/Server, Source/Destination and Autonomous System perspectives. The Sankey visualizations are built using the new Vega visualization plugin.

Geo IP

There are separate Geo Location dashboards for Client/Server and Source/Destination perspectives.

AS Traffic

Provides a view of traffic to and from Autonomous Systems (public IP ranges).

Exporters

Traffic Details

Flow Records

Attribution

This product includes GeoLite2 data created by MaxMind, available from http://www.maxmind.com.