Logstash sflow codec

HI all,

I've just started using the below codec

https://www.elastic.co/guide/en/logstash/current/plugins-codecs-sflow.html

It works well, however doing a straight export into elasticsearch finds 95% of all the fields being of type text

sflow_field_types.jpg954×854 84.4 KB

root@elk-5:/var/log/logstash# dpkg-query -l | egrep -i "logstash|elastic|kibana" | awk '{ print $2,"\t",$3,"\t",$4}'
elasticsearch    5.1.1   all
kibana   5.1.1   amd64
logstash         1:5.1.1-1       all
root@elk-5:/var/log/logstash#

Current logstash config is super basic

input {
        udp {
                port => 6343
                codec => sflow {}
        }
}


output {
        elasticsearch {
                hosts => ["172.16.0.46:9200"]
        }
}

I'm wanting to know if someone can give me some help on where to start with a template (json) override to be used on the logstash ES export

Regards, Daniel

I'm wanting to know if someone can give me some help on where to start with a template (json) override to be used on the logstash ES export

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.