User's Guide
Table Of Contents
- ExtremeAnalytics® User GuideVersion 8.4
- Legal Notices
- Trademarks
- Contact
- Extreme Networks® Software License Agreement
- Table of Contents
- ExtremeAnalytics™ Help
- ExtremeAnalytics Licensing
- Configuring Enhanced Netflow for Extreme Analytics and Extreme Wireless Contr...
- How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- ExtremeAnalytics Tab Overview
- ExtremeAnalytics Dashboard Overview
- ExtremeAnalytics Insights Dashboard
- ExtremeAnalytics Tracked Applications Dashboard
- ExtremeAnalytics Browser Overview
- ExtremeAnalytics Application Flows
- ExtremeAnalytics Fingerprints Overview
- ExtremeAnalytics Custom Fingerprints
- Delete Custom Fingerprints
- Custom Fingerprint Examples
- Create Custom Fingerprints Based on Flow
- Create Custom Fingerprints Based on Destination Address
- Create Custom Fingerprints Based on Application or Application Group
- ExtremeAnalytics Packet Captures
- ExtremeAnalytics Configuration Overview
- Virtual Sensors
- ExtremeAnalytics Engine Advanced Configuration
- Flow Collection Type
- Collection Privacy Levels
- Client Aggregation
- Slow Client Data
- Max End-Systems in Hourly Details
- Sensor Log Levels
- Store Application Site Data
- ExtremeControl Integration
- Flow Sources/Application Telemetry Sources
- Web Credentials
- Configuration Properties
- Sensor Modules
- Auditing
- Network Settings
- ExtremeAnalytics Reports
- ExtremeAnalytics Report Descriptions
- Report Descriptions
- Analytics Events
- Bandwidth for a Client Over Time
- Interface Top Applications Treemap
- Sites Using the Most Bandwidth
- Most Popular Applications
- Most Used Applications for a Client
- Most Used Applications for a User Name
- Network Activity by Site
- Network Activity by Client
- Network Activity by Application
- Slowest Applications by Site
- Top Applications Group Radar
- Top Applications Radar
- Top Applications TreeMap
- Top Applications for Interface
- Top Applications for Server
- Top Clients by Interface
- Top Interfaces by Application
- Top N Applications
- Top N Clients
- Top N Servers
- Report Descriptions
- Add and Modify Fingerprints
- Add Fingerprints
- Enable or Disable Fingerprints
- Modify Fingerprints
- Update Fingerprints
- Custom Fingerprint Examples
- How to Deploy ExtremeAnalytics in an MSP or MSSP Environment
- ExtremeAnalytics Virtual Sensor Configuration in Extreme Management Center
- Stream Flow Data from ExtremeAnalytics into Splunk
- Stream Flow Data from ExtremeAnalytics into Elastic Stack
Part 1 – Installing and Configuring ElastiFlow and Elastic Stack
211 of 218
a. To prepare for this step, copy the extr_elastiflow_3.4.2.tar.gz file
to the /etc/logstash directory.
b.
cd /etc/logstash
sudo tar xvzf extr_elastiflow_3.4.2.tar.gz
7. Configure logstash pipelines.yml.
a.
sudo nano /etc/logstash/pipelines.yml
b. Add:
- pipeline.id: elastiflow
path.config: "/etc/logstash/elastiflow/conf.d/*.conf"
NOTE: Be careful about spacing and extra blank lines with the following file. Make
sure there are no blank lines between the main definition and the
elastiflow definition.
- pipeline.id: main
path.config: "/etc/logstash/conf.d/*.conf"
- pipeline.id: elastiflow
path.config: "/etc/logstash/elastiflow/conf.d/*.conf"
Do not add a <CR> at the end of the file.
Save the file.
The following configuration example receives Extreme Networks-enriched
IPFIX on UDP port 2055 only. We can modify the Logstash configuration
and service parameters to limit the Logstash plugins that are loaded.
To prepare for this step, copy the extr_udp_2055_logstash.tar.gz file
to the / directory.
cd /
sudo tar xvzf extr_udp_2055_logstash.tar.gz
cd /etc/logstash/elastiflow/conf.d
sudo mv 10_input_netflow_ipv4.logstash.conf 10_input_netflow_
ipv4.logstash.conf.disabled;
sudo mv 10_input_sflow_ipv4.logstash.conf 10_input_sflow_
ipv4.logstash.conf.disabled;
sudo mv 20_filter_20_netflow.logstash.conf 20_filter_20_
netflow.logstash.conf.disabled;