New Sample Rate Support in ElastiFlow NetObserv 7.4

Customize the sample rate of your VPC or Transit Gateway flow logs with the new sample rate support in NetObserv 7.4.0

Many of you have reached out to us about getting Cloud flow logs ingested into ElastiFlow NetObserv, to get all network flows of your hybrid network into one set of dashboards.While we have been supporting VPC flow log retrieval through an S3 bucket for a while now, we have recently added support for having AWS Kinesis Firehose stream the data to NetObserv. This has become the default way we ingest VPC and Transit Gateway flow logs because of the many benefits this solution provides, like:
Streaming data rather than having to poll and then move data on an S3 bucket
Ability to combine flow logs from multiple regions and accounts into a single data stream
Enhanced configuration options in Firehose

Another reason to use Firehose is that you can define a Lambda function that is run on all flow data on the Firehose stream, providing an easy way to apply a sample rate to all flow logs. In ElastiFlow NetObserv 7.4.0, we’ve provided a similarly simple way to apply a custom sample rate to any flow data: User-defined sample rates now support CIDR blocks and IP ranges.

This allows you to set sample rates for any device or other data source that does not send the sample rate as part of netflow packets in a completely customizable way. To learn more about how you can set up sample rates, refer to our user guide.