Netflow module on ELK 6.1.2

I have Netflow v9 coming in from a Fortinet firewall and can see a list of the native flows in the dashboards, but they all have this warning:

__netflow_ip_version_not_recognized, __netflow_direction_not_recognized

However, nothing else is showing and I'm getting this message in the Logstash log:

[logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"netflow-2018.01.25", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x6a4e2625], :response=>{"index"=>{"_index"=>"netflow-2018.01.25", "_type"=>"doc", "_id"=>"6DcOLGEBR5Jkz-52CTIu", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [netflow.application_id]", "caused_by"=>{"type"=>"number_format_exception", "reason"=>"For input string: "20:53068615909376""}}}}}

What is going wrong? Is this a known problem? I thought that the Netflow module was plug and play ... not totally impressed so far ...
