Manage flows

Create flow

To create a new flow, open the AxoConsole, then complete the following steps:

  1. Select Flows.

  2. Select Add Flow.

  3. Enter a name for the flow, for example, my-test-flow.


  4. In the Router Selector field, enter an expression that matches the router(s) you want to apply the flow to. To select a specific router, use a name selector, for example, name = my-axorouter-hostname.

    You can use any labels and metadata of the AxoRouter hosts in the Router Selector, for example, the hostname of the AxoRouter, or any custom labels.

    • If you leave the Router Selector field empty, the selector will match every AxoRouter instance.
    • To select only a specific AxoRouter instance, set the name field to the name of the instance as selector. For example, name = my-axorouter.
    • If you set multiple fields in the selector, the selector will match only AxoRouter instances that match all elements of the selector. (There is an AND relationship between the fields.)
  5. Select the Destination where you want to send your data. If you don’t have any destination configured, you can select + Add in the destination section to create a new destination now. For details on the different destinations, see Destinations.

    • If you don’t have any destination configured, see Destinations.
    • If you’ve already created a store, it's automatically available as a destination. Note that the Router Selector of the flow must match only AxoRouters that have the selected store available, otherwise you’ll get an error message.
    • If you want to send data to another AxoRouter, enable the Show all destinations option, and select the connector of the AxoRouter where you want to send the data.


  6. (Optional) To process the data transferred in the flow, select Add New Processing Step. For details, see Processing steps. For example:

    1. Add a Classify, a Parse, and a Reduce step, in that order, to automatically remove redundant and empty fields from your data.
    2. To select which messages are processed by the flow, add a Select Messages step, and enter a filter into the AQL Expression field. For example, to select only the messages received from Fortinet FortiGate firewalls, use the meta.vendor = fortinet AND meta.product = fortigate query.
    3. Save the processing steps.


  7. Select Add.

  8. The new flow appears in the Flows list.
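
The Router Selector rules in step 4 and the store constraint in step 5 can be checked against a router inventory before the flow is created. The following is an added example, not part of AxoConsole or the Axoflow documentation: it models a selector as field/value pairs, and the inventory, the label names (site, env) and the store name (edge-store) are constructed sample data.

```python
# Added example: a local model of the Router Selector rules described above.
# It does not call AxoConsole; INVENTORY is constructed sample data.

def matches(selector, router):
    """True if every field set in the selector equals the router's value.

    An empty selector has no fields to fail, so it matches every router.
    """
    # "name" is the instance name; custom labels are merged in beside it.
    fields = {**router.get("labels", {}), "name": router["name"]}
    return all(fields.get(key) == value for key, value in selector.items())


def preflight(selector, inventory, store=None):
    """Return (names of matched routers, matched routers lacking `store`).

    A non-empty second list means the selector is too broad for a flow
    that uses `store` as its destination.
    """
    matched = [r for r in inventory if matches(selector, r)]
    missing = [r["name"] for r in matched
               if store is not None and store not in r.get("stores", ())]
    return [r["name"] for r in matched], missing


# Constructed inventory: three AxoRouter hosts with hypothetical labels.
INVENTORY = [
    {"name": "my-axorouter", "labels": {"site": "dc1", "env": "prod"},
     "stores": ["edge-store"]},
    {"name": "axorouter-2", "labels": {"site": "dc1", "env": "test"},
     "stores": []},
    {"name": "axorouter-3", "labels": {"site": "dc2", "env": "prod"},
     "stores": ["edge-store"]},
]

if __name__ == "__main__":
    selectors = [
        {},                               # empty: matches every instance
        {"name": "my-axorouter"},         # one specific instance
        {"site": "dc1", "env": "prod"},   # AND of two fields
        {"site": "dc1"},                  # includes a router without the store
    ]
    for selector in selectors:
        matched, missing = preflight(selector, INVENTORY, store="edge-store")
        status = "OK" if not missing else f"store missing on {missing}"
        print(f"{selector!r:40} -> {matched} [{status}]")
```
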


Disable flow

If needed, you can disable a flow without deleting it by clicking the toggle to the right of the flow name.

CAUTION:

Disabling a flow immediately stops log forwarding for the flow. Any data that’s not forwarded using another flow can be irrevocably lost.
