15. 05. 2026 Tobias Goller Unified Monitoring

ElastiFlow – Analysis and Visualization of Network Flows

ElastiFlow collects network flow data, such as NetFlow, sFlow, or IPFIX. This data can be sent by routers, switches, probes and other devices. The ElastiFlow Engine then processes and normalizes this data before writing it to a database such as Elasticsearch.

What makes ElastiFlow particularly interesting is that it is well suited for large data volumes and many exporters. ElastiFlow can receive, analyze, and display flows in the millions. Data from hundreds of exporters can be displayed and filtered in the interface. Naturally, this requires a powerful architecture and a high-performance database implementation such as Elasticsearch. The pre-built templates for anomaly detection further round out its functionality.

What’s New

There is now a new development in the ElastiFlow ecosystem: the ability to perform network flow analysis in a Kubernetes environment.

Mermin is a network observability tool designed for Kubernetes that uses eBPF to capture network traffic at the node level. The collected communication data is exported as flow traces via the OpenTelemetry Protocol (OTLP). It’s deployed once per node and enables detailed analysis of network communication within the cluster without requiring any changes to the applications.

This capability to capture network flows from a Kubernetes environment extends conventional Kubernetes monitoring, as Kubernetes environments are typically monitored using the MELT stack (Metrics, Events, Logs, Traces).

APM traces reflect application behavior, while network monitoring typically focuses on IP-based metrics. However, there’s often a gap between these two perspectives: If, for example, a trace shows a slow network span, there’s often no direct link to the underlying network flow data that caused it. Conversely, detected bottlenecks or anomalies in the network cannot easily be mapped to specific services or pods.

Mermin uses eBPF to capture network traffic and provides this data as so-called flow traces. Network flows are modeled as OpenTelemetry spans, which makes it possible to integrate network information seamlessly into the OpenTelemetry ecosystem and process it further through a standardized signal type.

Ultimately, these collected flows from the Kubernetes environment can be analyzed in the usual ElastiFlow interface.

A brief comparison of Mermin with other monitoring approaches:

Using ElastiFlow together with Mermin comprehensively enhances and completes Kubernetes monitoring by adding the capture of network flows.


Tobias Goller

NetEye Solution Architect at Würth IT Italy
I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth IT Italy, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.
