Author Topic: Vizualize Netflow data in Kibana (used network trafic) (Read 1593 times)

glvmvlcltq · « **on:** October 26, 2021, 08:42:36 am »

Hi,

I would like to create a dashboard on Kibana using the OPNsense Netflow (I tried v5 and v9) logs to vizualize the bandwith used per source IP.

Here is my logstash config.

Quote

input {
# OPNsense netflow logs input
udp {
port => 10522
codec => netflow
tags => ["opnsense_netflow_logs"]
}
}

filter {

}

output {
if "opnsense_netflow_logs" in [tags] {
elasticsearch {
hosts => "http://localhost:9200"
index => "opnsense-netflow-%{+YYYY.MM}"
}
}
}

I receive data in Elasticsearch (see attachments), but I don't know how to use it to create a graph.

For my tests I started a "wget --limit-rate=200k xxx". My IP is 172.16.10.106.
Here is the vizualization I created in the attachments. As you can see, the graph is wrong and I can't even see the download I'm doing.

Where does the problem come from ?
Is the Netflow data correct ? If yes, how should I create my vizualization in Kibana ?

Thanks a lot in advance.

Fuzail · « **Reply #1 on:** November 15, 2022, 01:17:01 pm »

Hey there!

I was just working on this setup. I just wanted to know what configurations have you done on opnsense to get this setup running?

Thanks. Help much appreciated!

Author Topic: Vizualize Netflow data in Kibana (used network trafic) (Read 1593 times)

glvmvlcltq

Vizualize Netflow data in Kibana (used network trafic)

Fuzail

Re: Vizualize Netflow data in Kibana (used network trafic)