Hi
I have just installed the ELK 5.2.2 suite. It's running fine. I have added two Netflow v9 exporters in two Mikrotik routers and configured the netflow codec according to the documentation:
    input {
      # Exporter 1 (first Mikrotik router) sends NetFlow to this listener
      udp {
        host => "192.168.1.202"
        port => 2070
        codec => netflow {
          versions => [5, 9]
          netflow_definitions => "/usr/local/etc/logstash/netflow.yaml"
        }
        type => "netflow"
      }
      # Exporter 2 (second Mikrotik router) sends NetFlow to this listener
      udp {
        host => "192.168.2.2"
        port => 2071
        codec => netflow {
          versions => [5, 9]
          netflow_definitions => "/usr/local/etc/logstash/netflow.yaml"
        }
        type => "netflow"
      }
    }
It works, I can see the Netflow records in Kibana after Logstash acquires the templates, but I have a problem. The IP address fields have the "string" type instead of "ip", which severely limits their usefulness.
Any ideas? I guess this is a stupid question but I am unable to find out where to fix this.
Thanks!
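The field type is not decided by the netflow codec or by the udp input at all: the codec emits the addresses as plain strings, and Elasticsearch's dynamic mapping turns any previously unseen string into text/keyword unless an index template says otherwise. The fix is an index template that maps the address fields as `ip` before the next index is created. The script below is an added example, not code from the post above or from the Logstash project: it reads the same kind of definitions file the poster points the codec at (`netflow.yaml`, whose real layout is `id: [- :decoder_type, - :field_name]`), collects every field decoded as `ip4_addr` or `ip6_addr`, and writes an Elasticsearch 5.x template that maps those fields as `ip`. The embedded YAML excerpt is constructed for the example; it assumes the codec's default `target` of `netflow`, the default `logstash-*` index naming, and an Elasticsearch node on `localhost:9200`, all of which should be adjusted to the real deployment.

```python
import json
import re

# Constructed excerpt in the layout of logstash-codec-netflow's netflow.yaml
# (field id, then the decoder type, then the field name). Point
# parse_definitions() at the real file to cover every address field.
NETFLOW_YAML_EXCERPT = """\
1:
- :uint32
- :in_bytes
2:
- :uint32
- :in_pkts
7:
- :uint16
- :l4_src_port
8:
- :ip4_addr
- :ipv4_src_addr
11:
- :uint16
- :l4_dst_port
12:
- :ip4_addr
- :ipv4_dst_addr
15:
- :ip4_addr
- :ipv4_next_hop
27:
- :ip6_addr
- :ipv6_src_addr
28:
- :ip6_addr
- :ipv6_dst_addr
62:
- :ip6_addr
- :ipv6_next_hop
"""

FIELD_ID_RE = re.compile(r"^(\d+):\s*$")      # "8:"
ITEM_RE = re.compile(r"^-\s+:(\w+)\s*$")      # "- :ip4_addr" or "- :ipv4_src_addr"

# Decoder types the codec renders as dotted-quad / colon-hex address strings
IP_TYPES = {"ip4_addr", "ip6_addr"}


def parse_definitions(text):
    """Return {field_name: decoder_type} from netflow.yaml-style text.

    Entries whose items do not match ITEM_RE (e.g. length-qualified string
    decoders) are skipped; none of those are address fields anyway.
    """
    entries = []
    for line in text.splitlines():
        if FIELD_ID_RE.match(line):
            entries.append([])
        elif entries:
            m = ITEM_RE.match(line)
            if m:
                entries[-1].append(m.group(1))
    # first item is the decoder type, last item is the field name
    return {e[-1]: e[0] for e in entries if len(e) >= 2}


def ip_field_names(definitions):
    """Sorted names of every field the codec decodes as an IPv4/IPv6 address."""
    return sorted(name for name, typ in definitions.items() if typ in IP_TYPES)


def build_template(definitions, index_pattern="logstash-*", target="netflow", order=1):
    """Elasticsearch 5.x index template mapping the address fields as `ip`.

    order=1 beats Logstash's own default template (order 0) for these fields;
    `target` is the codec's target option, which defaults to "netflow".
    """
    props = {name: {"type": "ip"} for name in ip_field_names(definitions)}
    return {
        "template": index_pattern,
        "order": order,
        "mappings": {"_default_": {"properties": {target: {"properties": props}}}},
    }


if __name__ == "__main__":
    template = build_template(parse_definitions(NETFLOW_YAML_EXCERPT))
    with open("netflow-ip-template.json", "w") as fh:
        json.dump(template, fh, indent=2)
    # Assumed endpoint; change host/port to match the real cluster.
    print("curl -XPUT 'http://localhost:9200/_template/netflow-ip' "
          "-H 'Content-Type: application/json' -d @netflow-ip-template.json")
```

Two caveats worth checking before declaring victory: a mapping cannot be changed on an index that already exists, so the template only affects the next daily `logstash-*` index (reindex or wait for rollover, then refresh the index pattern in Kibana), and if the `elasticsearch` output is already configured with `template` and `template_overwrite`, the `ip` properties can instead be merged into that template file rather than installed as a second one.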