# Quickstart Guide

### Getting Started

Follow this guide to get immediate insights into your network. This is an opinionated, non-production installation option that gets you set up with NetObserv and OpenSearch one a single virtual machine. Refer to the [Installation section](/flowcoll/installation.md) for production-grade deployments and setup.

The ElastiFlow Virtual Appliance provides a pre-configured virtual machine with Ubuntu 24.04 LTS, NetObserv Flow, and OpenSearch pre-installed. This is an ideal solution for proof-of-concept (PoC) and lab environments.

{% hint style="info" %}
The virtual appliance is designed to get you up and running quickly. It includes a single-node OpenSearch cluster with a pre-configured NetObserv Flow instance. For production deployments, consider installing NetObserv Flow on dedicated infrastructure using Docker or native packages.
{% endhint %}

### System Requirements

The following are the system requirements for running the virtual appliance.

| Requirement | Minimum                                             |
| ----------- | --------------------------------------------------- |
| Hypervisor  | VMware ESXi 6.7+, VMware Workstation, VMware Fusion |
| vCPUs       | 4                                                   |
| Memory      | 16 GB                                               |
| Disk        | 128 GB (expandable)                                 |

### Download the OVA

The OVA image can be downloaded using either the `wget` or `curl` command:

```
wget https://elastiflow-virtual-appliance.s3.us-east-2.amazonaws.com/2026-04-28/elastiflow-quickstart-7.23.0-1-amd64.ova
```

```
curl https://elastiflow-virtual-appliance.s3.us-east-2.amazonaws.com/2026-04-28/elastiflow-quickstart-7.23.0-1-amd64.ova
```

### Deploying the OVA

#### VMware ESXi / vCenter

The steps below outline how to deploy the OVA using the vSphere Client or the standalone ESXi Host Client.

1. Log into the vSphere Client or ESXi Host Client.
2. Navigate to **Virtual Machines** → **Create/Register VM**.
3. Select **Deploy a virtual machine from an OVF or OVA file**.
4. Browse to and select the downloaded OVA file.
5. Follow the deployment wizard:
   * Provide a name for the VM.
   * Select the destination compute resource and storage.
   * Review the configuration settings.
6. Power on the VM.

#### VMware Workstation / Fusion

1. From the menu, select **File** → **Open**.
2. Select the downloaded OVA file.
3. Review the settings in the import dialog and click **Import**.
4. Adjust any VM settings as needed.
5. Power on the VM.

#### Proxmox

1. Navigate to the Datacenter view and select the **Storage** panel.
2. Select your desired OVA storage location (e.g. local) an click on the **Edit** button.
3. Expand the **Content** drop-down menu and add **Disk image** and **Import,** if not already enabled, then press **OK**.
4. From the left panel navigation, select the storage object that was modified (e.g. local) and select **Import**. Select the **Download from URL** button and paste in the following url:<br>

   ```
   https://elastiflow-virtual-appliance.s3.us-east-2.amazonaws.com/2026-04-28/elastiflow-quickstart-7.23.0-1-amd64.ova
   ```

   \
   Click **Query URL** to retrieve file name.\
   Then press **Download**.
5. Close the **Download** window and in the same **Import** panel, select the newly imported OVA and click the **Import** button.
6. Adjust any VM settings as needed, then press **Import**.
7. Power on the VM.

### Initial Configuration

The virtual appliance uses cloud-init to handle initial configuration. Cloud-init configures the system on first boot, including user accounts, networking, and disk expansion.

To provide configuration, create a cloud-init configuration drive (an ISO containing your settings) and attach it to the VM before first boot.

#### Creating the Cloud-Init Configuration Drive

The cloud-init drive should be an ISO containing two files: `user-data` and `network-config`. You can create this using the `cloud-localds` utility on Linux, or use any ISO creation tool.

#### user-data

The `user-data` file configures the initial user account and system settings. The following is a template to get started:

```yaml
#cloud-config
autoinstall:
  version: 1
  locale: en_US.UTF-8
  keyboard:
    layout: us
  ssh:
    install-server: true
    allow-pw: true
  identity:
    hostname: elastiflow
    username: elastiflow
    password: "<encrypted-password>"
  late-commands:
    - curtin in-target --target=/target -- lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
    - curtin in-target --target=/target -- resize2fs /dev/ubuntu-vg/ubuntu-lv
```

{% hint style="info" %}
To generate an encrypted password for the `user-data` file, run either the python3 *or* the openssl command shown below and copy the output into the password field:<br>

```
openssl -6 'your-password'
```

```
python3 -c "import crypt; print(crypt.crypt('your-password', crypt.mksalt()))"
```

{% endhint %}

#### network-config (optional)

If your environment requires a static IP address, include a `network-config` file to configure networking:

```yaml
version: 2
ethernets:
  ens160:
    dhcp4: false
    addresses:
      - 192.168.1.100/24
    gateway4: 192.168.1.1
    nameservers:
      addresses:
        - 8.8.8.8
        - 8.8.4.4
```

If no `network-config` is provided, the VM will use DHCP to obtain an IP address automatically.

### Attaching the Cloud-Init Drive

Once you've created the cloud-init ISO, attach it to the VM as a CD/DVD drive.

#### VMware ESXi

1. Edit the VM settings.
2. Click **Add New Device** → **CD/DVD Drive**.
3. Select **Datastore ISO File** and browse to your cloud-init ISO.
4. Ensure **Connect At Power On** is checked.
5. Power on the VM.

#### VMware Workstation

1. Edit the VM settings.
2. Click **Add** → **CD/DVD**.
3. Select **Use ISO image file** and browse to your cloud-init ISO.
4. Ensure **Connected** is checked.
5. Power on the VM.

#### Proxmox

1. Edit the VM settings.
2. Select the Cloud-Init option on the vm's navigation.
3. Select your preferred configuration options (username, password, ssh keys, etc.)
4. Select **Regenerate Image**
5. Power on the VM.

### First Boot

On first boot, cloud-init will:

1. Expand the root filesystem to fill the available disk space.
2. Apply the network configuration (if provided).
3. Create the `elastiflow` user account.
4. Enable SSH access.

Once the VM has finished booting, you can connect via SSH using the credentials defined in `user-data`.

{% hint style="warning" %}
For security, change the default password immediately after your first login.
{% endhint %}

### Accessing the Services

With the virtual appliance deployed and running, the following services are available out of the box:

| Service               | URL                    | Credentials         |
| --------------------- | ---------------------- | ------------------- |
| OpenSearch Dashboards | `https://<vm-ip>:5601` | admin / Elast1flow! |
| Flow Collector API    | `http://<vm-ip>:8080`  | -                   |

### Firewall Configuration

Ensure your network allows access to the following ports:

| Port | Service               | Protocol |
| ---- | --------------------- | -------- |
| 9995 | NetFlow/IPFIX/sFlow   | UDP      |
| 5601 | OpenSearch Dashboards | TCP      |
| 8080 | Flow Collector API    | TCP      |
| 22   | SSH                   | TCP      |

### Troubleshooting

#### VM won't start after deployment

If the VM fails to boot:

* Verify the OVA imported without errors.
* Check that the host has sufficient CPU, memory, and storage resources.
* Ensure the cloud-init ISO is properly attached and accessible.

#### Cloud-init doesn't apply configuration

If the system doesn't pick up your cloud-init settings:

* Verify the ISO is attached as a CD/DVD device and connected.
* Check the VM console for cloud-init error messages.
* Validate the YAML syntax in your `user-data` file.

#### Cannot access services

If you're unable to reach OpenSearch Dashboards or the API:

* Verify your firewall allows the required ports.
* Confirm the VM has obtained a valid IP address.
* If using hostnames, ensure DNS is configured correctly.

#### Running out of disk space

OpenSearch stores its data on the secondary disk you added during deployment. If disk space becomes an issue:

* Verify the secondary disk is properly attached and mounted.
* Consider adding more storage to the secondary disk.

<br>

&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.elastiflow.com/flowcoll/quickstart-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.