I success to install logstash with netflow modules,
but seem elasticearch seems doesnt to create index pattern.
Still figuring out what is missing.
Blockquote
./logstash --modules netflow
Sending Logstash logs to /root/logstash-7.0.0/logs which is now configured via log4j2.properties
[2019-04-12T03:44:27,476][INFO ][logstash.config.source.modules] Both command-line and logstash.yml modules configurations detected. Using command-line module configuration to override logstash.yml module configuration.
[2019-04-12T03:44:27,503][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-04-12T03:44:27,517][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.0.0"}
[2019-04-12T03:44:28,437][INFO ][logstash.config.source.modules] Both command-line and logstash.yml modules configurations detected. Using command-line module configuration to override logstash.yml module configuration.
[2019-04-12T03:44:28,554][INFO ][logstash.config.modulescommon] Starting the netflow module
[2019-04-12T03:44:39,970][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://localhost:9200/]}}
[2019-04-12T03:44:40,157][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://localhost:9200/"}
[2019-04-12T03:44:40,218][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>7}
[2019-04-12T03:44:40,222][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: thetypeevent field won't be used to determine the document _type {:es_version=>7}
[2019-04-12T03:44:40,256][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::Elasticsearch", :hosts=>["//localhost:9200"]}
[2019-04-12T03:44:40,689][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/root/logstash-7.0.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.0-java/vendor/GeoLite2-ASN.mmdb"}
[2019-04-12T03:44:40,715][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/root/logstash-7.0.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.0-java/vendor/GeoLite2-City.mmdb"}
[2019-04-12T03:44:40,717][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/root/logstash-7.0.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.0-java/vendor/GeoLite2-City.mmdb"}
[2019-04-12T03:44:40,843][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/root/logstash-7.0.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.0-java/vendor/GeoLite2-ASN.mmdb"}
[2019-04-12T03:44:40,852][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/root/logstash-7.0.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.0-java/vendor/GeoLite2-ASN.mmdb"}
[2019-04-12T03:44:40,853][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/root/logstash-7.0.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.0-java/vendor/GeoLite2-City.mmdb"}
[2019-04-12T03:44:41,025][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/root/logstash-7.0.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.0-java/vendor/GeoLite2-City.mmdb"}
[2019-04-12T03:44:41,108][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/root/logstash-7.0.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-geoip-6.0.0-java/vendor/GeoLite2-ASN.mmdb"}
[2019-04-12T03:44:41,127][INFO ][logstash.javapipeline ] Starting pipeline {:pipeline_id=>"module-netflow", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, :thread=>"#<Thread:0x260a0678 run>"}
[2019-04-12T03:44:41,233][INFO ][logstash.javapipeline ] Pipeline started {"pipeline.id"=>"module-netflow"}
[2019-04-12T03:44:41,320][INFO ][logstash.inputs.udp ] Starting UDP listener {:address=>"0.0.0.0:9995"}
[2019-04-12T03:44:41,353][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:"module-netflow"], :non_running_pipelines=>}
[2019-04-12T03:44:41,382][INFO ][logstash.inputs.udp ] UDP listener started {:address=>"0.0.0.0:9995", :receive_buffer_bytes=>"212992", :queue_size=>"2000"}
[2019-04-12T03:44:41,643][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}