Hi Logstash Megaminds,
I'm using my Logstash instance as an sFlow collector, and it works great. When I read the documentation on the sFlow Codec, I see this:
By default [some sFlow] fields are removed from [every] event ... You can tune the list of removed fields by setting this parameter to the sflow codec optional_removed_field
That sounds great; I want to turn optional_removed_field off... or on, whichever gives me the most fields. But what is the syntax here? I tried the below:
input {
udp {
port => 6343
codec => sflow {}
optional_removed_field => true
}
}
But this caused Logstash to bellyflop pretty quickly. From the log, just before LS crashed:
[2020-07-16T18:15:22,126][ERROR][logstash.inputs.udp ] Unknown setting 'optional_removed_field' for udp
Can someone help me with the correct syntax? Thank you.