Understanding filebeat monitoring stats when ingesting netflow traffic

Question

I'm running filebeat 7.14.0 to ingest Netflow data, which is then stored in Elasticsearch and viewed on Kibana. When I run filebeat -e, I will see some logs generated by filebeat every 30s.

I'm trying to understand the stats more. For example, I see

"input":{"netflow":{"flows":1234,"packets":{"dropped":2345,"received":12345}}}}

But each netflow packet contains about 10 netflow records, so when I receive 12345 packets, I would expect 123450 flows, and the stats only show 1234 flows. Does it mean I'm missing a lot of flows?

score 0 · Answer 1 · answered Jul 28 '22 at 11:18

For Better understanding of logs , enable logging in debug mode and add Logging.Selector : ["input"] This will show you stats per sec in the logs . Add grep "stats" while checking the log to easily check the stats .

This will show you Flows and packets per second

Understanding filebeat monitoring stats when ingesting netflow traffic

1 Answers1