    +1 for elasticflow

    But make sure to clear the indexes, as it wasn't included with the project, when we installed ours.

    Here's our solution that delete them after 90 days.

----- Crontab

0 12 * * * (cd /usr/local/<your corp>/scripts; ./<your corp>_elastiflow_prune.sh) > /dev/null 2>&1

----- Content of the *_prune.sh for Linux

#!/bin/csh -f

set d_current=`date "+%s"`
set d_90=`expr ${d_current} - $ 90 \* 24 \* 60 \* 60 $`
set idx=`date -d @${d_90} "+%Y.%m.%d"`

curl -XDELETE "http://localhost:9200/elastiflow-${idx}"

-----
Alain Hebert                                ahebert@pubnix.net   
PubNIX Inc.        
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 2019-05-18 00:19, Crist Clark wrote:

Been loving Elastiflow. Way overkill for what you need, but it's
actually pretty easy to setup.

https://github.com/robcowart/elastiflow


On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG
<nanog@nanog.org> wrote:

I am looking for a free program to take netflow and output what the top traffic ASes to and from my AS are.   Something that we can look at every once in a while, and/or spin up and get data then shutdown..  Just have two ports need netflow from currently.



Thanks in advance.





Dennis Burgess, Mikrotik Certified Trainer

Author of "Learn RouterOS- Second Edition”

Link Technologies, Inc -- Mikrotik & WISP Support Services

Office: 314-735-0270  Website: http://www.linktechs.net

Create Wireless Coverage’s with www.towercoverage.com