I installed the elastiflow pipelines/module on my Logstash.
The Netflow-Data is ingested in a Filebeat (input netflow) and then forwarded to a Logstash pipeline.
In this Pipeline there is a switch/case on the log type.
If type is netflow then the data is forwarded to a elastiflow pipeline.
The data is indexed but in "netflow-format". The field mapping does not work.
It seems that elastiflow plugin is online working correctly if i ingest in logstash directly (plain udp netflow traffic)
Is there a workaround to do this? Maybe map the field directly in filebeat?