Filebeat Netflow not getting to Kibana

Elastic Stack Beats
1

Hi Techs

Filebeat not getting the Netflow logs from Cisco. Not sure where to check. Using Filebeat 7.7.1 ELK also 7.7.1.Filebat , Kibana , Logstash and Elasticserach are running without errors.

Cisco Netflow config is correct.

File beat:
filebeat.inputs:
paths:
- /var/log/*.log
- /var/log/syslog

/etc/filebeat/modules.d$ sudo cat netflow.yml

  • module: netflow
    log:
    enabled: true
    var:
    netflow_host: 0.0.0.0
    netflow_port: 2055

Logstash output
hosts: ["localhost:5044"]

Logstash:
/etc/logstash/conf.d$
02-beats-input.conf 10-syslog-filter.conf 30-elasticsearch-output.conf

2

Screen Shot 2020-06-15 at 11.42.29
Screen Shot 2020-06-15 at 11.42.291850×888 70.9 KB
Screen Shot 2020-06-15 at 11.41.58
Screen Shot 2020-06-15 at 11.41.581261×550 44 KB
Screen Shot 2020-06-15 at 11.41.42
Screen Shot 2020-06-15 at 11.41.421215×412 35.1 KB
Screen Shot 2020-06-15 at 11.41.27
Screen Shot 2020-06-15 at 11.41.271191×776 67 KB
Screen Shot 2020-06-15 at 11.43.56
Screen Shot 2020-06-15 at 11.43.561464×668 46.2 KB

3

I added 3 files under /etc/logstash/conf.d$ . not sure those are required
02-beats-input.conf 10-syslog-filter.conf 30-elasticsearch-output.conf

4

Can you check if it's your logstash conf by removing it completely and setting up Filebeat output directly to Elasticsearch? Then, if you see events there, you can confirm that you need to work in the logstash config.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.