Hello all !!
I am testing the netflow logstash plugin and there seems to me there is a problem with the timestamps as the documents are not showing millisecond precision.

A wireshark capture shows StartTime/EndTime fields with millisecond precision.

All first_switched/last_switched fields will show with .999 precision:

"flow_seq_num": 35409291,
"last_switched": "2018-04-17T15:13:47.999Z",
"dst_as": 0,
"ipv4_src_addr": "10.20.9.216",
"dst_mask": 24,
"first_switched": "2018-04-17T15:13:46.999Z",

Am I missing something ??

./logstash --version

logstash 6.2.3

./logstash-plugin list --verbose | grep netflow

logstash-codec-netflow (3.11.2)

image.png1238×862 47.3 KB

image.png769×790 24.8 KB

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.