ELK integration

Introduction

A primary function of the Vectra AI Platform is its ability to provide Enhanced Network Metadata gathered from various network sensors deployed across an environment. This metadata can be managed by Vectra (when using Vectra Recall) or stored in any Data Lake (when using Vectra Stream). A common choice for hosting this data is the ELK Stack (Elasticsearch, Logstash and Kibana). This article provides various resources for setting up and utilizing the network metadata produced by Vectra.

Compatibility matrix

​​​​​Qualified version of ELK:

• 7.x

• 8.x

* Composable index templates have been introduced in Elasticsearch 7.8.

Content Library

This content is stored in a GitHub repository. This is available at this address https://github.com/vectranetworks/vectra-content-for-elk.

Hosting this content on GitHub, as opposed to directly in this knowledge base, presents several advantages:

• Simplified change tracking

• Efficient version control

• Bug reporting capabilities

• Option to submit enhancement requests

• Notifications for any updates or changes.

The README file in the GitHub repository contains all the information about the content available as well as the instructions to install it.

In a nutshell, it contains the following:

• Logstash Configuration examples.

• Elasticsearch Index templates/components.

• Kibana Index patterns/data views, searches and dashboards.

You might not be utilizing Logstash for log shipping. While it has long been a favored choice and remains extensively used, other alternatives like Fluentd have become increasingly popular. It's important to note that the content for Elasticsearch and Kibana remains consistent regardless of the log shipper you use. Additionally, Vectra Stream offers support for directly sending network metadata to Elasticsearch.

Support

If you believe you found a bug or have an idea you'd like to suggest you may report an issue or start a discussion.