Probleme input UDP , no index, no DATA

pierre1 · March 24, 2017, 12:23pm

my configuration :

input {
  udp {
    port => 9556
    codec => netflow {
      versions => [5]
    }
    type => "Netflow"
  }
}

output {
    if ( [type] == "Netflow" ) {
        elasticsearch {
                hosts => ["localhost:9200"]
                index => "netflow-%{+YYYY.MM.dd}"
          }
    }     
}

netstat -au :
udp6 0 0 [::]:9556 [::]:*

i see UDP6 but my flow is for ipv4

With TCPDUMP i see my netflow flow
i don't understand , why i have a index in kibana but 0 DATA

pierhugues · March 31, 2017, 1:11pm

Hello Pierre,

I think we could start by checking if any events are correctly collected by Logstash, we can do this by adding a stdout and a rubydebug codec. If you start logstash from the command line with Logstash -f ./myconfig you should see traces in the terminal if any netflow event reach the output.

output {
    if ( [type] == "Netflow" ) {
        stdout {
          codec => rubydebug
        }
        elasticsearch {
                hosts => ["localhost:9200"]
                index => "netflow-%{+YYYY.MM.dd}"
          }

    }     
}

system · April 28, 2017, 1:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Netflow Logstash Logstash	4	288	November 11, 2019
Logstash UDP plugin Logstash	12	919	November 22, 2017
Logstash/ElasticSearch/Kibana 7.3 not working for Netflow Logstash	3	447	September 10, 2019
Input UDP/ netflow no listenning Logstash	2	769	April 19, 2017
Netflow Module Not Creating ES Index Logstash	10	890	June 12, 2019

Probleme input UDP , no index, no DATA

Related topics