Logstash netflow codec v5 First/EndSwitched timestamps shown with .999 precision

Zeeshan_Alam · May 13, 2019, 9:19am

Logstash: 6.7.0
Plugin: logstash-codec-netflow (3.14.1)
OS: RHEL 7

There is a problem with the first_switched and last_switched timestamps as the documents are not showing millisecond precision.

All my netflow events first_switched/last_switched fields are shown with .999 precision.

 "last_switched": "2019-05-13T08:44:02.999Z",
  "output_snmp": 8,
  "packets": 2,
  "version": "Netflow v5",
  "flow_seq_num": 49642903,
  "ip_version": "IPv4",
  "tcp_flags_label": "ACK",
  "first_switched": "2019-05-13T08:43:32.999Z",

Config file:

input {
    udp {
        type => "netflow"
        port => 5160
        codec => netflow {
            versions => [5,9]
        }
        workers => 16
        receive_buffer_bytes => 26214400
        queue_size => 5000000
    }
}

output {
  stdout { codec => json }
}

system · June 10, 2019, 9:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.