Hello,
I am using 6.x logstash with default netflow plugin.
I am trying to read netflow v9 records from Riverbed Steelhead. V5 works, but when i switch to v9...nothing is displayed (if i run interactively with -f).
In the log, i am seeing the following errors:
[2017-12-20T17:04:19,710][WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 300 from source id 3203342338, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2017-12-20T17:04:19,710][WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 300 from source id 3203342338, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2017-12-20T17:04:19,710][WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 302 from source id 3203342338, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2017-12-20T17:04:19,710][WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 300 from source id 3203342338, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2017-12-20T17:04:19,710][WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 300 from source id 3203342338, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2017-12-20T17:04:19,710][WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 300 from source id 3203342338, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2017-12-20T17:04:19,711][WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 300 from source id 3203342338, because no template to decode it with has been received. This message will usually go away after 1 minute.
What to do ?