Hi,
we are getting sflow information with logstash and would like to use a simple ruby code to calculate the average bandwidth used by ip.
Unfortunately when we activate in our filter rule the ruby code we end up with the following error on boot
[2017-01-23T15:10:33,636][WARN ][logstash.inputs.udp ] UDP listener died {:exception=>#<SocketError: bind: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyUDPSocket.java:160:in bind'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-udp-3.1.0/lib/logstash/inputs/udp.rb:82:in
udp_listener'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-udp-3.1.0/lib/logstash/inputs/udp.rb:56:in run'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:365:in
inputworker'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:359:in `start_input'"]}
We are using a warper in the input
input {
pipe {
type => "sflow"
command => "/usr/local/bin/sflowtool_wrapper.sh -l -p 6343"
}
}
And i highly suspect this is the reason why ruby wont find the port.
Is there a solution to fix this issue ?
We have obviously tried without the warper but we end up with lot of garbage character instead of our flow as sflowtool does the job of decoding the frames.
I dont think the ruby code is the issue
ruby {
code => 'event.set("[sflow][in_bytes]", event.get("[sflow][SampleRate]")* event.get("[sflow][PacketSize]")'
}