SFLOW Codec plugin input format

weirdaze · January 8, 2018, 5:14pm

using logstash 2.3.4

Hello! Newbie to Logstash. Trying to figure out how I should format the input that the sflow codec would accept.

so far all I get is (per line of text in my sflow.input file):

Ignoring Sflow version v808728112 {:level=>:warn}
Ignoring Sflow version v808728112 {:level=>:warn}
Ignoring Sflow version v808728112 {:level=>:warn}
...

Here's my sflow.conf config:
input {
file{
path => "/home/arista/sflow.input"
codec => sflow{}
start_position => "beginning"
sincedb_path => "/dev/null"
}
stdin{}
}

output {
file{
path => "/home/arista/output.log"
}
stdout{}
}

I've tried feeding it ascii based human readable text of the packet as well as the binary representation of that text. Neither option worked.

Could someone please walk me through what I need to feed this code so it accepts the input?

BTW, the sflow input is definitely Sflow v5.

Thanks!

system · February 5, 2018, 5:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash.codec.sflow doesn't understand some record formats (1003, 1008, 1009 etc) Logstash	1	1002	September 17, 2018
Logstash sflow codec Logstash	2	3518	March 5, 2017
Sflow support Logstash	1	278	January 16, 2019
Stdout output with plain codec Logstash	4	684	March 14, 2018
Logstash multiline codec plugin Logstash	4	260	July 16, 2018

SFLOW Codec plugin input format

Related topics