Supporting flow records without direction field (ingress/egress)

Description

There have been a number of reported cases where the netflow.direction field is not set for flows sent via Netflow v9.

Since we rely on this field to distinguish ingress from egress, the traffic statistics generated by the REST API contain 0s for the number of bytes transferred.

Acceptance / Success Criteria

None

Activity

Christian Pape August 1, 2018 at 11:35 AM

The null_value approach has one problem: the default value is applied when persisting in ES; the flow will not be classified or enriched because the direction is not set. So it is probably best to enforce the default value when creating the FlowDocument instance.
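To illustrate the difference between the two approaches, here is an added Python sketch that is not code from this issue or from the project: it mimics a FlowDocument built from a decoded NetFlow v9 data record, and shows that applying the default at document creation (assumed here to be ingress) yields byte counts, while leaving the direction unset until ES persistence leaves the statistics at 0.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# NetFlow v9 field 61 (DIRECTION): 0 = ingress flow, 1 = egress flow.
INGRESS, EGRESS = 0, 1


@dataclass
class FlowDocument:
    """Minimal stand-in for the real FlowDocument (hypothetical shape)."""
    src_addr: str
    dst_addr: str
    bytes: int
    direction: Optional[int]


def make_document(record: dict, default_direction: int = INGRESS) -> FlowDocument:
    """Build the document from a decoded data record, applying the default
    at creation time so classification/enrichment already see a direction.
    The default of ingress is an assumption for this example."""
    return FlowDocument(
        src_addr=record["src_addr"],
        dst_addr=record["dst_addr"],
        bytes=record["bytes"],
        direction=record.get("direction", default_direction),
    )


def traffic_stats(documents) -> dict:
    """Sum bytes per direction. Documents without a direction match neither
    bucket, which is how the REST statistics end up reporting 0s."""
    totals = Counter({"ingress": 0, "egress": 0})
    for doc in documents:
        if doc.direction == INGRESS:
            totals["ingress"] += doc.bytes
        elif doc.direction == EGRESS:
            totals["egress"] += doc.bytes
    return dict(totals)


# Constructed sample: two records from an exporter that omits field 61.
RECORDS = [
    {"src_addr": "10.0.0.1", "dst_addr": "10.0.0.2", "bytes": 1500},
    {"src_addr": "10.0.0.2", "dst_addr": "10.0.0.1", "bytes": 600},
]


def stats_without_default() -> dict:
    # Direction stays None until ES applies null_value; stats see nothing.
    docs = [FlowDocument(r["src_addr"], r["dst_addr"], r["bytes"], r.get("direction")) for r in RECORDS]
    return traffic_stats(docs)


def stats_with_default() -> dict:
    # Default enforced when the document is created; stats are populated.
    return traffic_stats(make_document(r) for r in RECORDS)
```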

Christian Pape August 1, 2018 at 6:37 AM

Yes, this will be my approach. Is there a chance to get template + data record without the direction set for setting up a basic test?

Martin Lärcher July 12, 2018 at 2:43 PM

We have a lot of Netflow v9 devices that do not set netflow.direction, so all Grafana dashboards are empty. Is it possible to change the mapping in Elasticsearch for flow data to set a default value for the direction field? See https://www.elastic.co/guide/en/elasticsearch/reference/current/null-value.html

Fixed

Details

Created June 22, 2018 at 3:43 PM
Updated August 3, 2018 at 11:58 PM
Resolved August 3, 2018 at 11:58 PM