« Troubleshoot the Universal Profiling backend Tutorial: Monitor your network devices with the Network Topology plugin »
Elastic Docs Elastic Observability [8.19] Infrastructure and host monitoring

Network Topology

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Network Topology

edit

This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

The Network Topology plugin is only supported on self-managed Kibana 8.19. It is not compatible with Elasticsearch Service or Elastic Cloud Serverless.

The Network Topology plugin lets you monitor SNMP-enabled network devices from a single view in Kibana. On this page, you’ll find information on use cases, features, and how the plugin works.

Use cases

edit

Use the Network Topology plugin to:

  • Monitor SNMP-enabled network devices, such as routers and switches, from a single view.
  • Visualize L2 and L3 topology and routing protocol state (BGP, OSPF) without a dedicated NMS.
  • Identify interface issues and routing adjacency changes across sites.

Features

edit

The Network Topology plugin includes:

  • A reference Logstash pipeline that walks the IF-MIB (interface counters and status), IP-MIB (ARP tables and IP address assignments), BRIDGE-MIB (MAC address forwarding tables), BGP4-MIB (BGP peer sessions), and OSPF-MIB (OSPF neighbor adjacencies) on each target device at a configurable poll interval. The pipeline handles poll timeouts, missing OID branches on devices that don’t support a given MIB, and batching across large device inventories.
  • A snmp-device-enrichment ingest pipeline that parses each device’s sysDescr string to assign a normalized host.type (router, switch, firewall, access point, server) and observer.vendor. The pipeline recognizes common vendors out of the box (Cisco, Juniper, Arista, Fortinet, Palo Alto, HPE, Aruba) and is extensible for less common hardware.
  • An interactive topology graph in Kibana’s Observability navigation that builds an adjacency graph from ARP, MAC table, BGP, and OSPF relationships and renders it as a force-directed layout you can zoom, pan, and rearrange. Clicking a device opens a flyout with its interface table, ARP neighbors, BGP peers, and OSPF adjacencies.
  • A sample data generator and Docker Compose dev environment, so you can evaluate the plugin with a realistic multi-site network before connecting to live infrastructure.

How it works

edit

The Network Topology plugin renders data that Logstash collects from your network devices over SNMP and indexes into Elasticsearch:

  1. Logstash polls SNMP-enabled devices on your network.
  2. Logstash writes the collected data into an Elasticsearch data stream.
  3. The snmp-device-enrichment ingest pipeline classifies each document by device type and vendor.
  4. The Network Topology plugin reads from the data stream and displays sites, devices, and topology in Kibana.s

Next steps

edit
« Troubleshoot the Universal Profiling backend Tutorial: Monitor your network devices with the Network Topology plugin »