ElastiFlow™ provides network flow data collection and visualization using the Elastic Stack (Elasticsearch, Logstash and Kibana). It supports Netflow v5/v9, sFlow and IPFIX flow types (1.x versions support only Netflow v5/v9).
I was inspired to create ElastiFlow™ following the overwhelmingly positive feedback received to an article I posted on Linkedin... WTFlow?! Are you really still paying for commercial solutions to collect and analyze network flow data?
| Organization | Feedback |
|---|---|
 |
“Right now this is my personal favorite analytics tool. I use it extensively and am always finding a new way to leverage it." |
 |
"We're using it since two months in our new datacenter and our network admins are very happy and impressed." |
 |
"Of all the netflow tools I’ve tested it has, by far, the best visualizations." |
 |
"We absolutely love ElastiFlow and recently stood it up in production. Looking forward to new functionality and dashboards." |
ElastiFlow™ is built using the Elastic Stack, including Elasticsearch, Logstash and Kibana. Please refer to INSTALL.md for instructions on how to install and configure ElastiFlow™
The following dashboards are provided.
NOTE: The dashboards are optimized for a monitor resolution of 1920x1080.
There are separate Top-N dashboards for Top Talkers, Services, Conversations and Applciations.
There are separate Sankey dashboards for Client/Server, Source/Destination and Autonomous System perspectives. The sankey visualizations are built using the new Vega visualization plugin.
There are separate Geo Loacation dashboards for Client/Server and Source/Destination perspectives.
Provides a view of traffic to and from Autonomous Systems (public IP ranges)
This product includes GeoLite2 data created by MaxMind, available from (http://www.maxmind.com)