0

I have a very high volume Netflow input stream, and I was hoping that I could run multiple instances of Filebeat and load-balance the Netflow traffic over the Filebeat instances, and then write to a single remote Elasticsearch.

I've read about load-balancing to multiple outputs, but I'm looking for load-balancing from multiple inputs.

I can split the Netflow input over 2 physical ports, but I'm not sure how I can configure 2 instances of Filebeat to each be tied to a specific physical port.

Improve this question
2
  • In general : two start-up scripts for filebeat that each load a different and unique configuration file that configures each instance to listen to different ports i.e. with different var.netflow_host and var.netflow_port settings. Or is your problem more complicated? Commented May 12, 2023 at 7:20
  • I thought var.netflow_port refers to the UDP port of the netflow (IPFIX in my case) packets? I currently have filebeat listen to Port 4739, which is the dest port of the IPFIX packets. All of the packets would be sending to Port 4739. Is var.netflow_host the interface IP? If so, I might be able to configure the IPFIX packets to send to 2 different IP address, for each of the interfaces. I currently have it set to 0.0.0.0 as I only have one input. Commented May 12, 2023 at 8:46

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.