Logstash sflow codec

drolfe · January 29, 2017, 10:10am

HI all,

I've just started using the below codec

https://www.elastic.co/guide/en/logstash/current/plugins-codecs-sflow.html

It works well, however doing a straight export into elasticsearch finds 95% of all the fields being of type text

root@elk-5:/var/log/logstash# dpkg-query -l | egrep -i "logstash|elastic|kibana" | awk '{ print $2,"\t",$3,"\t",$4}'
elasticsearch    5.1.1   all
kibana   5.1.1   amd64
logstash         1:5.1.1-1       all
root@elk-5:/var/log/logstash#

Current logstash config is super basic

input {
        udp {
                port => 6343
                codec => sflow {}
        }
}


output {
        elasticsearch {
                hosts => ["172.16.0.46:9200"]
        }
}

I'm wanting to know if someone can give me some help on where to start with a template (json) override to be used on the logstash ES export

Regards, Daniel

drolfe · February 5, 2017, 1:32am

I'm wanting to know if someone can give me some help on where to start with a template (json) override to be used on the logstash ES export

system · March 5, 2017, 1:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash sflow Logstash	15	9263	July 6, 2017
SFLOW Codec plugin input format Logstash	1	884	February 5, 2018
Problems with logstash codecs (json, rubydebug) Logstash	11	2882	July 6, 2017
Logstash.codec.sflow doesn't understand some record formats (1003, 1008, 1009 etc) Logstash	1	1001	September 17, 2018
Sflow support Logstash	1	276	January 16, 2019

Logstash sflow codec

Related topics