From Zero to Flow: Setting Up ElastiFlow in Minutes
By: Eban Bisong
January 23, 2024
ElastiFlow offers complete network visibility. ElastiFlow collects unsampled flow data and standardizes data from network devices, including industry-leading vendor-specific field support. As well as being easy to set up, it's also easy to use and requires no special training. ElastiFlow takes an open data approach to network observability, meaning you remain in control of your data and can economically leverage this data. ElastiFlow provides powerful analytics tools that allow you to troubleshoot problems, plan capacity, and investigate security incidents.
Before diving in, ensure you have a router that supports NetFlow, IPFIX, or sFlow.
This guide uses a community license. If your network is large and you aim to collect more data quickly, visit ElastiFlow’s Subscription Page to select the right license for your needs.
Setting Up with Docker-Compose
The docker-compose.yml file will serve as the core of this setup. Below is a generic setup that brings together Elasticsearch, Kibana, and the ElastiFlow flow collector:
Make sure to tailor this docker-compose file to fit your specific needs. For detailed configuration guidance, you can review the ElastiFlow Configuration Reference.
When running your Elasticsearch container, you might encounter the following bootstrap check failure that prevents the service from starting.
To solve this, increase the vm.max_map_count setting in your sysctl.conf, then restart the Elasticsearch container.
Wrapping It Up
With your configurations in place, start the services with the command docker-compose up. Remember to configure your supported router to forward flows to port 9995.
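If the dashboards stay empty, it helps to confirm that the router is actually exporting before looking at the collector. The following is an added example, not ElastiFlow code: a small decoder for what arrives on the collector's port 9995 that classifies NetFlow v5/v9, IPFIX and sFlow by their version field and parses NetFlow v5 records; the sample datagram and its addresses are constructed for the demonstration.

```python
import socket
import struct
from dataclasses import dataclass

V5_HEADER = struct.Struct("!HHIIIIBBH")              # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

@dataclass
class FlowRecord:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int
    octets: int

def export_kind(datagram: bytes) -> str:
    """NetFlow v5/v9/IPFIX: version in first 2 bytes; sFlow v5: 4-byte version 5."""
    if len(datagram) < 4:
        return "short"
    v16 = struct.unpack("!H", datagram[:2])[0]
    if v16 == 0 and struct.unpack("!I", datagram[:4])[0] == 5:
        return "sflow"
    return {5: "netflow-v5", 9: "netflow-v9", 10: "ipfix"}.get(v16, "unknown")

def parse_netflow_v5(datagram: bytes) -> list[FlowRecord]:
    """Decode the records; reject other versions and short datagrams."""
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field {version})")
    needed = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) < needed:
        raise ValueError(f"truncated datagram: {len(datagram)} < {needed} bytes")
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        # f[9]=srcport f[10]=dstport f[13]=protocol f[6]=dOctets
        records.append(FlowRecord(socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]),
                                  f[9], f[10], f[13], f[6]))
    return records

def sample_datagram() -> bytes:
    """Constructed two-record NetFlow v5 datagram (synthetic, not captured)."""
    def rec(src, dst, sport, dport, proto, pkts, octets):
        return V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                              1, 2, pkts, octets, 900, 950, sport, dport, 0, 0x18,
                              proto, 0, 0, 0, 24, 24, 0)
    header = V5_HEADER.pack(5, 2, 1000, 1700000000, 0, 1, 0, 0, 0)
    return (header + rec("10.0.0.5", "192.0.2.10", 51234, 443, 6, 12, 3400)
            + rec("10.0.0.7", "192.0.2.53", 40000, 53, 17, 1, 80))
```

With the collector stopped, bind a UDP socket to port 9995, pass each received datagram to export_kind() and parse_netflow_v5(), and you see the exporter's output independently of ElastiFlow.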
Kibana Dashboards: To enhance your monitoring experience, download and upload ElastiFlow’s pre-defined ECS (Elastic Common Schema) Kibana dashboards. These dashboards offer a detailed view of your network flows, aiding in identifying patterns, anomalies, or potential issues more effectively. Access and integrate these ECS dashboards by following the instructions in the official ElastiFlow Kibana Dashboards Guide.
As a software engineer on ElastiFlow, I’ve experienced firsthand how this tool has empowered businesses. It provides real-time insights, streamlines network analysis, and simplifies troubleshooting. Whether you’re in banking, healthcare, or any other sector, ElastiFlow can make a big difference. Dive in and explore what your network data can reveal! If you need help, join the ElastiFlow Slack Community https://elastiflowcommunity.slack.com
(Note: This post is an edit of my original which was published on Medium in October, 2023)