ElastiFlow

6.0 Introduces Support for AWS Flow Logs, ElastiFlow Splunk App, Bi-Directional Flows, Improved App Enrichment, and More.

November 4, 2022

New Features

  • AWS VPC Flow Logs - AWS VPC Flow Logs are now supported via collection from S3. This includes support for all fields from VPC Flow Log versions 2 through 5.

  • ElastiFlow Splunk App - The ElastiFlow Netflow Analytics for Splunk App is now available on Splunkbase. We will continue to update this app over the coming weeks and months.

  • Bi-Directional Flows - Bi-directional records, as sent by Velocloud SD-WAN and certain Cisco and other devices, are now split into two uni-directional records, enabling the full ElastiFlow feature set to be applied to both directions represented in the original record.

  • Performance Improvements - A variety of performance enhancements provide a throughput increase of up to 250% at the same CPU utilization.

  • Collector Statistics - A Prometheus endpoint provides statistics for various internal collector components.

  • Liveness & Readiness - Liveness and Readiness endpoints have been added to improve the ability to monitor the state of the collector when running in Kubernetes.

  • Graceful Shutdown - When the collector is stopped, any buffered messages will be processed prior to the collector exiting.

  • Improved Application Enrichment - User-defined application enrichment now supports any combination of IP addresses, CIDR blocks, IP ranges, ports and port ranges. Additionally, it is now possible to enrich records with more than only app.name, including user-defined metadata. Finally, vendor-specific AppID-to-App attribute mappings may be added for devices which send AppIDs without option records.

  • Non-Flow Record Types - The collector will now create separate indices for non-flow record types. Currently supported are flow, telemetry (such as sFlow counter samples and Calix IPFIX telemetry records), and AS-Path hop records.

  • Generic HTTP Output - We have added an output which can be used to send records to an HTTP endpoint such as the http_endpoint input of Elastic's Filebeat, or the http input of Elastic's Logstash.
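
The bi-directional split described under New Features, as an added illustration in Python (not ElastiFlow's own code): the input record below is constructed, keyed with IPFIX element names using the RFC 5103 "reverse" naming convention, and the field names, the `direction` tag and the handling of a zero-packet reverse side are assumptions made for this example.

```python
from typing import Dict, List

# Constructed bi-directional flow record (not a real capture). Forward counters
# use the base IPFIX element names; the reverse direction uses "reverse"-prefixed
# names as in RFC 5103. A "bi-flow" like this hides the server->client bytes.
BIFLOW: Dict[str, object] = {
    "sourceIPv4Address": "10.0.0.5",
    "destinationIPv4Address": "203.0.113.10",
    "sourceTransportPort": 51234,
    "destinationTransportPort": 443,
    "protocolIdentifier": 6,
    "octetDeltaCount": 4200,
    "packetDeltaCount": 12,
    "reverseOctetDeltaCount": 98000,
    "reversePacketDeltaCount": 80,
    "flowStartMilliseconds": 1667520000000,
    "flowEndMilliseconds": 1667520003000,
}

REVERSE_PREFIX = "reverse"
# Endpoint fields that change places when the direction is flipped.
SWAP_PAIRS = [
    ("sourceIPv4Address", "destinationIPv4Address"),
    ("sourceTransportPort", "destinationTransportPort"),
]

def split_biflow(rec: Dict[str, object]) -> List[Dict[str, object]]:
    """Return one uni-directional record per direction of a bi-flow.
    A record without reverse counters is already uni-directional and is
    returned unchanged (apart from a copy)."""
    reverse_fields = {k: v for k, v in rec.items() if k.startswith(REVERSE_PREFIX)}
    if not reverse_fields:
        return [dict(rec)]
    forward = {k: v for k, v in rec.items() if k not in reverse_fields}
    forward["direction"] = "forward"          # assumed tag, not an IPFIX field
    reverse = dict(forward)
    reverse["direction"] = "reverse"
    for a, b in SWAP_PAIRS:                   # flip src/dst for the reverse record
        if a in forward and b in forward:
            reverse[a], reverse[b] = forward[b], forward[a]
    for rk, v in reverse_fields.items():      # reverseOctetDeltaCount -> octetDeltaCount
        base = rk[len(REVERSE_PREFIX):]
        reverse[base[0].lower() + base[1:]] = v
    if reverse.get("packetDeltaCount") == 0:  # one-way biflow: nothing came back
        return [forward]
    return [forward, reverse]
```

Each emitted record now carries a single direction's endpoints and counters, so per-direction analytics (top talkers, byte ratios) can be computed without double-counting.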

Learn more from the changelog.