Logstash 6.4.2 Netflow Failure

Hello folks,

I want to collect the netflow data provided by my network using elastic stack(elasticsearch-kibana-logstash/netflowModule).

To get logstash netflow module up and running, I use the the following command:

bin/logstash --modules netflow --setup -M "netflow.var.input.udp.port=2055" -M "netflow.var.kibana.host=127.0.0.1:5601"

and I get the following output:

Sending Logstash logs to /opt/elastic/logstash-6.4.2/logs which is now configured via log4j2.properties [2018-10-24T17:44:36,181][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified [2018-10-24T17:44:36,776][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.4.2"} [2018-10-24T17:44:36,908][INFO ][logstash.config.modulescommon] Setting up the netflow module [2018-10-24T17:44:37,392][ERROR][logstash.modules.kibanaclient] Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>} [2018-10-24T17:44:37,550][ERROR][logstash.modules.kibanaclient] Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>} [2018-10-24T17:44:37,704][ERROR][logstash.config.sourceloader] Could not fetch all the sources {:exception=>LogStash::ConfigLoadingError, :message=>"Failed to import module configurations to Elasticsearch and/or Kibana. Module: netflow has Elasticsearch hosts: [\"localhost:9200\"] and Kibana hosts: [\"127.0.0.1:5601\"]", :backtrace=>["/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/config/modules_common.rb:108:in block in pipeline_configs'", "org/jruby/RubyArray.java:1734:in each'", "/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/config/modules_common.rb:54:in pipeline_configs'", "/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/config/source/modules.rb:14:in pipeline_configs'", "/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/config/source_loader.rb:61:in block in fetch'", "org/jruby/RubyArray.java:2481:in collect'", "/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/config/source_loader.rb:60:in fetch'", "/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/agent.rb:142:in converge_state_and_update'", "/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/agent.rb:93:in execute'", "/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/runner.rb:362:in block in execute'", "/opt/elastic/logstash-6.4.2/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in block in initialize'"]}
[2018-10-24T17:44:37,712][ERROR][logstash.agent ] An exception happened when converging configuration {:exception=>RuntimeError, :message=>"Could not fetch the configuration, message: Failed to import module configurations to Elasticsearch and/or Kibana. Module: netflow has Elasticsearch hosts: ["localhost:9200"] and Kibana hosts: ["127.0.0.1:5601"]", :backtrace=>["/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/agent.rb:149:in converge_state_and_update'", "/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/agent.rb:93:in execute'", "/opt/elastic/logstash-6.4.2/logstash-core/lib/logstash/runner.rb:362:in block in execute'", "/opt/elastic/logstash-6.4.2/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in block in initialize'"]}
[2018-10-24T17:44:37,952][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}`

At the end, it says Logstash API is up but apparently it's not working. By the way, elasticsearch and kibana are up. Does anyone have any idea why it cannot import elasticsearch and kibana modules?

Thank you all in advance,
Mert

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.