my configuration :
input {
udp {
port => 9556
codec => netflow {
versions => [5]
}
type => "Netflow"
}
}
output {
if ( [type] == "Netflow" ) {
elasticsearch {
hosts => ["localhost:9200"]
index => "netflow-%{+YYYY.MM.dd}"
}
}
}
netstat -au :
udp6 0 0 [::]:9556 [::]:*
i see UDP6 but my flow is for ipv4
With TCPDUMP i see my netflow flow
i don't understand , why i have a index in kibana but 0 DATA
Hello Pierre,
I think we could start by checking if any events are correctly collected by Logstash, we can do this by adding a stdout and a rubydebug codec. If you start logstash from the command line with Logstash -f ./myconfig you should see traces in the terminal if any netflow event reach the output.
output {
if ( [type] == "Netflow" ) {
stdout {
codec => rubydebug
}
elasticsearch {
hosts => ["localhost:9200"]
index => "netflow-%{+YYYY.MM.dd}"
}
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.