robcowart / elastiflow

Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack

Does ElasticFlow support sflow-rt? #641

Closed mmihir82 closed 3 years ago

mmihir82 commented 3 years ago

Hello. We have tons of Linux devices which are set up with hsflowd, the daemon that samples and sends sFlow data to configured collectors. It is configured and I can see the data via InMon stats, but I am not seeing data sent to ElastiFlow. Is sflow-rt supported? Can you help troubleshoot? Thank you

robcowart commented 3 years ago

ElastiFlow is currently focused on sFlow flow samples, not counter samples. We are however nearing completion of an all new collector, which will be able to handle the full set of counter samples listed here... https://sflow.org/developers/structures.php. I was literally working on this yesterday and this morning... Here is an example output from interface and ethernet counter samples...

```json
{
    "flow": {
        "collect": {
            "timestamp": 1604738138000
        },
        "export": {
            "ip": {
                "addr": "192.168.2.2",
                "version": {
                    "name": "IPv4",
                    "ver": 4
                }
            },
            "l4": {
                "port": {
                    "id": "1520"
                }
            },
            "sysuptime": 2718159286,
            "type": "sflow",
            "version": {
                "name": "sFlow v5",
                "ver": "5"
            }
        },
        "seq_num": 18108
    },
    "netif": {
        "bandwidth": {
            "bw": 1000000000
        },
        "bytes": {
            "in": 226597576509,
            "out": 250652434773
        },
        "direction": {
            "state": "Full-Duplex"
        },
        "ethernet": {
            "collisions": {
                "excess": 0,
                "late": 0,
                "multi_frame": 0,
                "single_frame": 0
            },
            "deferred_tx": 0,
            "errors": {
                "alignment": 0,
                "carrier_sense": 0,
                "fcs": 0,
                "mac": {
                    "rx": 0,
                    "tx": 0
                },
                "sqetest": 0,
                "symbol": 0
            },
            "frames": {
                "too_long": 0
            }
        },
        "index": 504,
        "packets": {
            "bcast": {
                "in": 175327,
                "out": 2184250
            },
            "discard": {
                "in": 0,
                "out": 0
            },
            "error": {
                "in": 0,
                "out": 0
            },
            "mcast": {
                "in": 3153,
                "out": 5047317
            },
            "ucast": {
                "in": 270810175,
                "out": 285397009
            },
            "unkproto": {
                "in": 0
            }
        },
        "promisc_mode": 0,
        "state": {
            "admin": {
                "name": "Up"
            },
            "oper": {
                "name": "Up"
            }
        },
        "type": {
            "name": "Ethernet CSMA/CD"
        }
    },
    "sflow": {
        "pen": {
            "name": "IANA"
        },
        "sample": {
            "seq_num": 324051
        },
        "sample_type": {
            "name": "counter_sample"
        },
        "samples": 1,
        "size": 168,
        "source_id": 504,
        "source_id_type": {
            "name": "Interface Index"
        },
        "sub_agent_id": 16
    }
}
```

If you can provide a PCAP of the host related counters it would actually be very helpful for my testing. I can then make sure you are aware when you can try out the new collector. You can send the PCAP to elastiflow@gmail.com.
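The interface and ethernet counters quoted above come from an sFlow v5 `counter_sample` whose wire layout is defined on the sflow.org structures page linked in the reply. As an added example (not ElastiFlow's collector code), the Python below decodes one such sample with generic interface (format 1) and ethernet (format 2) counter records, validating every length field before trusting it; the input bytes are constructed here to mirror the interface 504 sample in the issue, and the field names are this example's own.

```python
import struct

# sFlow v5 counter_sample layout taken from sflow.org/developers/structures.php.
# Added illustration only; field names are this example's own, not ElastiFlow's schema.
IF_FMT = "!IIQIIQIIIIIIQIIIIII"   # struct if_counters (enterprise 0, format 1), 88 bytes
IF_KEYS = ("index", "type", "speed", "direction", "status",
           "in_octets", "in_ucast", "in_mcast", "in_bcast", "in_discards", "in_errors", "in_unkproto",
           "out_octets", "out_ucast", "out_mcast", "out_bcast", "out_discards", "out_errors", "promisc_mode")
ETH_FMT = "!13I"                  # struct ethernet_counters (enterprise 0, format 2), 52 bytes
ETH_KEYS = ("alignment", "fcs", "single_frame", "multi_frame", "sqetest", "deferred_tx", "late",
            "excess", "mac_tx", "carrier_sense", "too_long", "mac_rx", "symbol")
RECORDS = {1: (IF_FMT, IF_KEYS), 2: (ETH_FMT, ETH_KEYS)}   # data_format = enterprise << 12 | format

def parse_counter_sample(buf: bytes, offset: int = 0) -> dict:
    """Decode one counter_sample starting at buf[offset]; lengths are validated before use."""
    data_format, length = struct.unpack_from("!II", buf, offset)
    if data_format != 2:                      # enterprise 0 (IANA), format 2 = counter_sample
        raise ValueError("not an IANA counter_sample")
    end = offset + 8 + length
    if length < 12 or end > len(buf):         # never let an attacker-supplied length run past the datagram
        raise ValueError("bad sample length")
    seq_num, source_id, nrecords = struct.unpack_from("!III", buf, offset + 8)
    sample = {"seq_num": seq_num, "source_id_type": source_id >> 24,
              "source_id": source_id & 0xFFFFFF, "size": length, "records": {}}
    pos = offset + 20
    for _ in range(nrecords):
        if pos + 8 > end:
            raise ValueError("record header overruns sample")
        rec_format, rec_len = struct.unpack_from("!II", buf, pos)
        if pos + 8 + rec_len > end:
            raise ValueError("record overruns sample")
        fmt, keys = RECORDS.get(rec_format, (None, None))
        if fmt and struct.calcsize(fmt) == rec_len:  # unknown or odd-sized records are skipped
            sample["records"][rec_format] = dict(zip(keys, struct.unpack_from(fmt, buf, pos + 8)))
        pos += 8 + rec_len
    return sample

def build_sample() -> bytes:
    """Constructed input mirroring the interface 504 counters quoted in the issue."""
    if_rec = struct.pack(IF_FMT, 504, 6, 1000000000, 1, 3,          # ifType 6 = ethernetCsmacd
                         226597576509, 270810175, 3153, 175327, 0, 0, 0,
                         250652434773, 285397009, 5047317, 2184250, 0, 0, 0)
    eth_rec = struct.pack(ETH_FMT, *([0] * 13))
    body = struct.pack("!III", 324051, 504, 2)                       # seq_num, source_id, records
    body += struct.pack("!II", 1, len(if_rec)) + if_rec
    body += struct.pack("!II", 2, len(eth_rec)) + eth_rec
    return struct.pack("!II", 2, len(body)) + body                   # size comes out at 168
```

The 168-byte sample size the parser reports matches the `"size": 168` in the collector output above, which is the 12-byte sample header plus the two length-prefixed records.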

robcowart commented 3 years ago

The all-new ElastiFlow Unified Flow Collector supports all sFlow counter samples for which the specification is provided on sflow.org. You can now try out the beta of the new collector. You will get much better performance and many new features. For more information, as well as a link to join the ElastiFlow Community Slack, please go... HERE.