Feature request: Dashboards for different netflow sources

[Foamier]

Excellent job on the Elastiflow. This really competes with some of the professional solutions. Wondering if you could give some pointer on how to realize the following.

With the netflow collector listening on UDP port 9995, it is possible to have multiple routers/switches/FWs send netflow exports to Elastiflow. This is also common practice with commercial products. It avoids having to do different port configs on devices and the collector. Could you provide some pointers on how to easilly make dashboards for different netflow export sources? This way it's easy to go directly into the details of a specific device's netflow analysis.

The same could be done for doing a dashboard for a specific interface on a netflow exporter, if the source device has multiple interfaces with Netflow export enabled?

[robcowart]

ElastiFlow will collect data from multiple sources on a single port. The host field contains the IP address of the system which sent the flow record. By setting a global filter against this field you can focus on flows from specific devices. In fact global filters are the way to drill-down into the data by filtering on any field. There are a couple ways to set a global filter...

By clicking on a filter in a visualization:

By using the Add a filtertool:

Global filters can be "pinned", meaning they remain set when navigating away from a dashboard. This is very useful when navigating between dashboards. For this reason I recommend setting the the Advanced Setting to pin filters by default:

Alternatively you can filter data by adding a query to the query field: