Filebeat netflow module do not start after update to 7.11

UweW · February 11, 2021, 4:42pm

Hi,
after updating the stack from 7.10.2 to 7.11 the netflow module will not start anymore.
The only message we see every 10 seconds in journal is

filebeat[1976620]: 2021-02-11T17:40:01.242+0100        ERROR        [reload]        cfgfile/list.go:99        Error creating runner from config: Error getting config for fileset netflow/log: Error interpreting the template of the input: template: text:8:5: executing "text" at <.internal_networks>: map has no entry for key "internal_networks"

Hoppe that sombody can help.

Best regards
Uwe

UweW · February 11, 2021, 5:37pm

was able to fix it.
With 7.11 the ../modules/netflow.yml changed

I had to add

      internal_networks:
        - private

in my existing yml file

abraxxa · February 18, 2021, 8:58am

Just had the same issue.
The new variable is neither documented nor a note in the upgrade guide or breaking changes!

abraxxa · February 18, 2021, 9:28am

I opened a bug for the startup failure and missing docs for the new variable: [filebeat][netflow] filebeat does't start when internal_networks variable isn't defined in config file · Issue #24094 · elastic/beats · GitHub