I have configured filebeat netflow.yml to receive netflow data
my filebeat.yml input
filebeat.inputs:
# filestream is an input for collecting log messages from files.
- type: filestream
# Unique ID among all inputs, an ID is required.
id: my-filestream-id
# Change to true to enable this input configuration.
enabled: false
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /var/log/*.log
#- c:\programdata\elasticsearch\logs\*
filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: true
# Period on which files under path should be checked for changes
#reload.period: 10s
modules.d/netflow.yml
# Module: netflow
# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.6/filebeat-module-netflow.html
#-netflow.html
- module: netflow
log:
enabled: true
var:
max_message_size: 500KiB
netflow_host: 0.0.0.0
netflow_port: 9995
queue_size: 8000
time_out: 1200
expiration_timeout: 0
and I'm getting this error in logs getting data from huawei AR devices (cisco devices work well),
{"file.name":"netflow/input.go","file.line":81},"message":"[netflow-v9] No template for ID 1315","service.name":"filebeat","ecs.version":"1.6.0"}
Is there any workaround for this? How do I manually add this template if possible ?