Setup logstash module netflow

Elastic Stack Logstash
1

Dears,
I need to install netflow dashboard as it's shown in elastic guide by this command :

sudo bin/logstash --modules netflow --setup --path.settings /etc/logstash/

but appears this error below :

Using bundled JDK: /usr/share/logstash/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2021-07-24T10:43:27,176][INFO ][logstash.runner          ] Log4j configuration path used is: /etc/logstash/log4j2.properties
[2021-07-24T10:43:27,189][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.13.4", "jruby.version"=>"jruby 9.2.16.0 (2.5.7) 2021-03-03 f82228dc32 OpenJDK 64-Bit Server VM 11.0.11+9 on 11.0.11+9 +indy +jit [linux-x86_64]"}
[2021-07-24T10:43:27,518][INFO ][logstash.config.source.modules] Both command-line and logstash.yml modules configurations detected. Using command-line module configuration to override logstash.yml module configuration.
[2021-07-24T10:43:27,527][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-07-24T10:43:28,074][INFO ][logstash.config.source.modules] Both command-line and logstash.yml modules configurations detected. Using command-line module configuration to override logstash.yml module configuration.
[2021-07-24T10:43:28,160][INFO ][logstash.config.modulescommon] Setting up the netflow module
[2021-07-24T10:43:28,362][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2021-07-24T10:43:28,659][WARN ][logstash.modules.kibanaclient] SSL explicitly disabled; other SSL settings will be ignored
[2021-07-24T10:43:28,802][ERROR][logstash.modules.kibanaclient] Error when executing Kibana client request {:error=>#<Manticore::ResolutionFailure: elktst10: Temporary failure in name resolution>}
[2021-07-24T10:43:29,034][ERROR][logstash.modules.kibanaclient] Error when executing Kibana client request {:error=>#<Manticore::ResolutionFailure: elktst10>}
[2021-07-24T10:43:29,103][ERROR][logstash.config.sourceloader] Could not fetch all the sources {:exception=>LogStash::ConfigLoadingError, :message=>"Failed to import module configurations to Elasticsearch and/or Kibana. Module: netflow has Elasticsearch hosts: [\"localhost:9200\"] and Kibana hosts: [\"elktst10:5601\"]", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:124:in `block in pipeline_configs'", "org/jruby/RubyArray.java:1809:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:70:in `pipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source/modules.rb:29:in `pipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:76:in `block in fetch'", "org/jruby/RubyArray.java:2572:in `collect'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:75:in `fetch'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:188:in `converge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:126:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:409:in `block in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}
[2021-07-24T10:43:29,108][ERROR][logstash.agent           ] An exception happened when converging configuration {:exception=>RuntimeError, :message=>"Could not fetch the configuration, message: Failed to import module configurations to Elasticsearch and/or Kibana. Module: netflow has Elasticsearch hosts: [\"localhost:9200\"] and Kibana hosts: [\"elktst10:5601\"]"}
[2021-07-24T10:43:29,183][INFO ][logstash.runner          ] Logstash shut down.
[2021-07-24T10:43:29,191][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
        at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:747) ~[jruby-complete-9.2.16.0.jar:?]
        at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:710) ~[jruby-complete-9.2.16.0.jar:?]
        at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:89) ~[?:?]

and these are shown when issue command systemctl status logastash.service ::

Jul 24 10:59:08 ubuntu logstash[16924]: [2021-07-24T10:59:08,079][WARN ][logstash.codecs.netflow  ][module-netflow][f03e49b4b79a5bf12c79499ad1889168892625b5ce9a759a6029c1f702d354c6] Can't (yet) decode flowset id 260 from source id 2193, because no template to decode it w
Jul 24 10:59:08 ubuntu logstash[16924]: [2021-07-24T10:59:08,157][WARN ][logstash.codecs.netflow  ][module-netflow][f03e49b4b79a5bf12c79499ad1889168892625b5ce9a759a6029c1f702d354c6] Can't (yet) decode flowset id 260 from source id 2193, because no template to decode it w
Jul 24 10:59:08 ubuntu logstash[16924]: [2021-07-24T10:59:08,201][WARN ][logstash.codecs.netflow  ][module-netflow][f03e49b4b79a5bf12c79499ad1889168892625b5ce9a759a6029c1f702d354c6] Can't (yet) decode flowset id 260 from source id 2193, because no template to decode it w
Jul 24 10:59:08 ubuntu logstash[16924]: [2021-07-24T10:59:08,263][WARN ][logstash.codecs.netflow  ][module-netflow][f03e49b4b79a5bf12c79499ad1889168892625b5ce9a759a6029c1f702d354c6] Can't (yet) decode flowset id 260 from source id 2193, because no template to decode it w
Jul 24 10:59:08 ubuntu logstash[16924]: [2021-07-24T10:59:08,317][WARN ][logstash.codecs.netflow  ][module-netflow][f03e49b4b79a5bf12c79499ad1889168892625b5ce9a759a6029c1f702d354c6] Can't (yet) decode flowset id 260 from source id 2193, because no template to decode it w
Jul 24 10:59:08 ubuntu logstash[16924]: [2021-07-24T10:59:08,324][INFO ][logstash.outputs.elasticsearch][module-netflow] Elasticsearch version determined (7.13.4) {:es_version=>7}
Jul 24 10:59:08 ubuntu logstash[16924]: [2021-07-24T10:59:08,341][WARN ][logstash.outputs.elasticsearch][module-netflow] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
Jul 24 10:59:35 ubuntu logstash[16924]: [2021-07-24T10:59:35,466][WARN ][logstash.codecs.netflow  ][module-netflow][f03e49b4b79a5bf12c79499ad1889168892625b5ce9a759a6029c1f702d354c6] Can't (yet) decode flowset id 257 from source id 1, because no template to decode it with
Jul 24 10:59:51 ubuntu logstash[16924]: [2021-07-24T10:59:51,607][WARN ][logstash.codecs.netflow  ][module-netflow][f03e49b4b79a5bf12c79499ad1889168892625b5ce9a759a6029c1f702d354c6] Can't (yet) decode flowset id 257 from source id 1, because no template to decode it with
Jul 24 10:59:56 ubuntu logstash[16924]: [2021-07-24T10:59:56,600][WARN ][logstash.codecs.netflow  ][module-netflow][f03e49b4b79a5bf12c79499ad1889168892625b5ce9a759a6029c1f702d354c6] Can't (yet) decode flowset id 257 from source id 1, because no template to decode it with

I'm using 7.13.4

how can I solve it and install netflow dashboard

Thanks

2

The Netflow support in Logstash is deprecated; replaced by similar functionality within Filebeat

Logstash Netflow Module | Logstash Reference [7.14] | Elastic.

Remember that Filebeat can easily send to Logstash, so you don't need to disregard Logstash if you don't want to.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.