I have a new Ubuntu 16.04 instance on which I have just loaded a fresh install of the ELK stack. I currently have Logstash 2.3.4-1 installed and have also installed the netflow codec using the following command:
"/opt/logstash/bin/logstash-plugin install logstash-codec-netflow".
I am now trying to configure the conf file in order to start sending netflow traffic to my server and have run into some issues. I have tried a few of the configurations that I have found in other posts for version 2.x, and I seem to be having issues actually getting these configurations to be accepted. I have reverted to a very simplistic configuration which is still giving me the same error when I attempt to run a configtest on it.
Results of running "/opt/logstash/bin/logstash --configtest -f /etc/logstash/conf.d/20-logstash-staticfile-netflow.conf":
The given configuration is invalid. Reason: field 'fields' is a reserved name in BinData::Array {:level=>:fatal}
As an update, I now have it working; however, the fix isn't a good answer. It seems that the netflow codec isn't properly supporting Logstash 2.3.x. After I downgraded to 2.2.4, I am now able to successfully use the codec.
Anyone have any thoughts on getting the codec to work with 2.3.4 without modification? If not, I can submit a request with the codec maintainer.