SUPPORTING ElastiFlow™ - Today literally 1000s of users leverage ElastiFlow™ as a powerful alternative to expensive commercial flow collecting solutions. As its popularity has increased, so has the time commitment necessary to support users and provide further enhancements. If you are one of the organizations who appreciate the value of ElastiFlow™, I would like to ask you to consider becoming a sponsor. The support from sponsors allows me to dedicate more time and energy to the project. To become a sponsor, please visit ElastiFlow on .
The easiest way to get ElastiFlow™ up and running quickly is to use Docker and docker-compose. The following instructions will walk you through setting up a single node installation of ElastiFlow™ on Docker.
NOTE: These instructions assume that you will have a server available with a recent Linux distribution and both Docker and docker-compose installed.
Data written within a container's file system is ephemeral. It will be lost when the container is removed. For the data to persist, it must be written to the local host's file system using a bind mount. You must create a path on the local host and set the permissions that the processes within the container need in order to write to it.
sudo mkdir /var/lib/elastiflow_es
sudo chown -R 1000:1000 /var/lib/elastiflow_es
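A preflight check for the directory created above, as an added example that is not part of the ElastiFlow™ repository. The default path and the 1000:1000 owner come from the commands above; the function name, the exit codes and the rule against a world-writable directory are this example's own assumptions.

```shell
#!/bin/sh
# Added example: verify the bind-mount directory before starting the stack.
# Defaults are taken from the mkdir/chown commands in this document.
# Usage (hypothetical): check_es_data_dir && sudo docker-compose up -d

check_es_data_dir() {
    dir="${1:-/var/lib/elastiflow_es}"
    want="${2:-1000:1000}"

    # Must be a real directory, not a symlink that could point elsewhere.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or is not a plain directory" >&2
        return 1
    fi

    # GNU stat (Linux): numeric owner:group and octal permission bits.
    owner=$(stat -c '%u:%g' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    mode=$(printf '%04d' "$mode")          # pad, e.g. 755 -> 0755

    if [ "$owner" != "$want" ]; then
        echo "FAIL: $dir is owned by $owner, expected $want" >&2
        return 2
    fi

    u=$(printf '%s' "$mode" | cut -c2)     # owner permission digit
    o=$(printf '%s' "$mode" | cut -c4)     # "other" permission digit

    # A world-writable data path lets any local user alter stored flow data,
    # so do not "fix" write errors with chmod 777.
    if [ $(( o & 2 )) -ne 0 ]; then
        echo "FAIL: $dir is world-writable (mode $mode)" >&2
        return 3
    fi

    # The container process needs write (2) and traverse (1) on the directory.
    if [ $(( u & 3 )) -ne 3 ]; then
        echo "FAIL: owner cannot write to $dir (mode $mode)" >&2
        return 4
    fi

    echo "OK: $dir owner=$owner mode=$mode"
    return 0
}
```

The function only reads metadata, so it can run without sudo.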
While the provided defaults should allow you to get up and running quickly, you may need to make changes specific to your requirements. After copying the provided docker-compose.yml from the repository to the server, edit any relevant environment variables.
The ElastiFlow™ Logstash container can be configured using the same environment variables discussed in INSTALL.md.
Start the Elastic Stack (incl. Logstash with the ElastiFlow pipeline) using docker-compose.
From the path where you placed the docker-compose.yml file run:
sudo docker-compose up -d
The Index Patterns, visualizations and dashboards can be loaded into Kibana by importing the elastiflow.kibana.<VER>.json file from within the Kibana UI. This is done from the Management -> Stack Management -> Kibana Saved Objects page.
You may also want to configure the recommended advanced Kibana settings discussed in INSTALL.md.