Forum Discussion

Altocumulus

Jun 22, 2022

sFlow/Netflow

Hello, I need to configure my BIGIP to send sFlow to ELK, so I need the version of sFlow or Netflow used by F5 BIGIP (version 14.1.4) can any one help with this please ? Regards,

security

PSFletchTheTek

Cumulonimbus

Jun 22, 2022

Hi,

sFlow on ELK isn't very well support, netflow which is very slightly different is much better.
It has filebeats and logstash plugins ready to go.

Also the default sFlow config doesn't help much.

I would recommend using netflow and using a method like this
https://docs.illumio.com/asp/20.2/Content/Guides/flowlink-configure-usage/collect-flow-records-f5.htm

Sorry i can't for the life of me get google to find the f5 pages that show the same, but in short its basically a log publisher and log destination setup like syslog. Then all you do is have a simple irule on the virtual server that you want logging.

This setup supports netflowv9 and ipfix (v10) so you should be good to go!
Hope this helps.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

sFlow/Netflow

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Webtop which has VNC for macos users

AST Configuration Assistance

Floating IP responds from wrong VLAN/trunk

expandsSubcollections and filtering in F5 SDK

F5 i-series Guests to r-series tenants migration

Related Content

F5 sFlow with ManageEngine Netflow

UDP TCP Packet Duplication

Re: If Kernighan were a network architect he would say...

Re: How to enable Netflow on the F5

Re: sflow NAT vs local subnet to reach MGMT station on another subnet...

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS