User's Guide
Table Of Contents
- ExtremeAnalytics® User GuideVersion 8.4
- Legal Notices
- Trademarks
- Contact
- Extreme Networks® Software License Agreement
- Table of Contents
- ExtremeAnalytics™ Help
- ExtremeAnalytics Licensing
- Configuring Enhanced Netflow for Extreme Analytics and Extreme Wireless Contr...
- How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- ExtremeAnalytics Tab Overview
- ExtremeAnalytics Dashboard Overview
- ExtremeAnalytics Insights Dashboard
- ExtremeAnalytics Tracked Applications Dashboard
- ExtremeAnalytics Browser Overview
- ExtremeAnalytics Application Flows
- ExtremeAnalytics Fingerprints Overview
- ExtremeAnalytics Custom Fingerprints
- Delete Custom Fingerprints
- Custom Fingerprint Examples
- Create Custom Fingerprints Based on Flow
- Create Custom Fingerprints Based on Destination Address
- Create Custom Fingerprints Based on Application or Application Group
- ExtremeAnalytics Packet Captures
- ExtremeAnalytics Configuration Overview
- Virtual Sensors
- ExtremeAnalytics Engine Advanced Configuration
- Flow Collection Type
- Collection Privacy Levels
- Client Aggregation
- Slow Client Data
- Max End-Systems in Hourly Details
- Sensor Log Levels
- Store Application Site Data
- ExtremeControl Integration
- Flow Sources/Application Telemetry Sources
- Web Credentials
- Configuration Properties
- Sensor Modules
- Auditing
- Network Settings
- ExtremeAnalytics Reports
- ExtremeAnalytics Report Descriptions
- Report Descriptions
- Analytics Events
- Bandwidth for a Client Over Time
- Interface Top Applications Treemap
- Sites Using the Most Bandwidth
- Most Popular Applications
- Most Used Applications for a Client
- Most Used Applications for a User Name
- Network Activity by Site
- Network Activity by Client
- Network Activity by Application
- Slowest Applications by Site
- Top Applications Group Radar
- Top Applications Radar
- Top Applications TreeMap
- Top Applications for Interface
- Top Applications for Server
- Top Clients by Interface
- Top Interfaces by Application
- Top N Applications
- Top N Clients
- Top N Servers
- Report Descriptions
- Add and Modify Fingerprints
- Add Fingerprints
- Enable or Disable Fingerprints
- Modify Fingerprints
- Update Fingerprints
- Custom Fingerprint Examples
- How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- ExtremeAnalytics Virtual Sensor Configuration in Extreme Management Center
- Stream Flow Data from ExtremeAnalytics into Splunk
- Stream Flow Data from ExtremeAnalytics into Elastic Stack
Overview
207 of 218
Stream Flow Data from
ExtremeAnalytics into Elastic Stack
ExtremeAnalytics includes the ability to stream flow data from an
ExtremeAnalytics engine to Elastic Stack (aka ELK stack). To help you use
Elastic Stack with ExtremeAnalytics, we added an ELK directory to the Extreme
Management Center NetSight/appdata/Purview directory.
The ELK directory contains the following:
l A PDF describing how to add the open-source “Elastiflow” module to an ELK server
and how to update this deployment to make Elastiflow aware of Extreme’s IPFIX
format.
l Files that you can copy to the ELK server to assist with the customization.
Use the procedures in this section to send Extreme Networks-enriched network
flow data to Elastic Stack using IPFIX and ElastiFlow.
Environment
l Extreme Management Center 8.2 and later
l Elastic Stack 6.7 (single server deployment) and later
l ElastiFlow 3.4.2 and later (version compatible with Elastic Stack 6.7) running on
Ubuntu Server 18.04
Overview
Use ElastiFlow to collect IPFIX flow data and visualize the results using Elastic
Stack. ElastiFlow requires a working Elastic Stack and it must be configured by
editing text files on the file system and by using the Kibana user interface.
The installation steps assume that IPFIX will only be sent over UDP on port 2055
from Extreme Management Center. After making the file system and UI changes,
you must restart the Elastic Stack components. Finally, enable and deploy the
IPFIX exporter of ExtremeAnalytics from the Extreme Management Center user
interface.