Hi,
I have configured Netflow V9 on my Cisco Router and I have installed Logstash 2.3.4 on my CentOS Server. I know that my Netflow configuration on my router is correct because I started a Wireshark capture and results seems good.
When I start Logstash service, I have this following error in Logstash logs :
09:46:44.328000+0200", :message=>"Pipeline main started"}
{:timestamp=>"2016-07-25T09:47:16.941000+0200", :message=>"No matching template for flow id 279", :level=>:warn}
{:timestamp=>"2016-07-25T09:47:16.952000+0200", :message=>"No matching template for flow id 279", :level=>:warn}
{:timestamp=>"2016-07-25T09:47:21.909000+0200", :message=>"No matching template for flow id 279", :level=>:warn}
{:timestamp=>"2016-07-25T09:47:21.915000+0200", :message=>"No matching template for flow id 279", :level=>:warn}
{:timestamp=>"2016-07-25T09:47:26.896000+0200", :message=>"No matching template for flow id 279", :level=>:warn}
{:timestamp=>"2016-07-25T09:47:26.902000+0200", :message=>"No matching template for flow id 279", :level=>:warn}
I don't understand the reason why this message appears..
My Logstash configuration :
input {
udp {
port => 9995
type => netflow
codec => netflow {
netflow_definitions => "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-netflow-2.1.1/lib/logstash/codecs/netflow/netflow.yaml" # Dictionnaire NetFlow
versions => [9]
}
}
}
filter {
}
output {
stdout { codec => rubydebug }
file {
path => "/var/log/logstash/test"
}
}
Any idea ?
Thanks for answers.
PS : I use the plugin logstash-codec-netflow-2.1.1