Hello
I face an interesting problem with the GELF output. I need to send all data that comes from the netflow plugin into the GELF output, but on STDOUT I always get this error:
> WARN logstash.outputs.gelf - Trouble sending GELF event {:gelf_event=>{"short_message"=>nil, "full_message"=>"%{message}", "host"=>"192.168.1.1", "_ipfix_destinationIPv4Address"=>"192.168.1.2", "_ipfix_octetTotalCount"=>0, "_ipfix_destinationTransportPort"=>55446, "_ipfix_flowStartSysUpTime"=>4294967295, "_ipfix_sourceIPv4Address"=>"192.168.1.1", "_ipfix_flowEndSysUpTime"=>4294967295, "_ipfix_flowDurationMilliseconds"=>0, "_ipfix_ingressInterface"=>4294967295, "_ipfix_version"=>10, "_ipfix_packetDeltaCount"=>0, "_ipfix_firewallEvent"=>3, "_ipfix_protocolIdentifier"=>6, "_ipfix_sourceMacAddress"=>"00:00:00:00:00:00", "_ipfix_egressInterface"=>41874, "_ipfix_octetDeltaCount"=>0, "_ipfix_sourceTransportPort"=>636, "_ipfix_packetTotalCount"=>0, "_type"=>"ipfix", "level"=>6}, :event=>2017-07-10T21:05:37.000Z 10.99.255.11 %{message}, :error=>> #<ArgumentError: short_message is missing. Options version, short_message and host must be set.>}
I tried googling that error, but I cannot mutate the input to copy to short_message; when I do this, it still fails.
Logstash config:
input {
    udp {
        port => 1535
        codec => netflow {
            versions => [10]
            target => ipfix
        }
        type => ipfix
    }
    tcp {
        port => 4739
        codec => netflow {
            versions => [10]
            target => ipfix
        }
        type => ipfix
    }
}
output {
    stdout {}
    gelf {
        host => 'graylog'
        port => 12202
        short_message => 'short_message'
    }
}