I have setup Logstash Kibana and elastic search on same windows server, i am running netflow module on logstash with below command but still dashboards are not imported in Kibana for netflow. i have tried multple options before posting in this forum. any help is appreciated
bin/logstash --modules netflow --setup -M "netflow.var.kibana.host=192.168.16.67:5601"
Please share the logstash.yml
What do you see in the respective logs when the above fails for you?
I'm in same issue on CentOS.
elasticsearch/kibana/logstash version is 6.2.4.
I run logstash with multiple pipelines.
I can't see Netflow dashborad in Kibana.
I tried below command but I got some error messages.
https://www.elastic.co/guide/en/logstash/current/netflow-module.html#netflow-getting-started
# /usr/share/logstash/bin/logstash --modules netflow --setup -M netflow.var.input.udp.port=9995
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
ERROR: Configuration reloading can't be used with command-line or logstash.yml specified modules.
usage:
bin/logstash -f CONFIG_PATH [-t] [-r] [] [-w COUNT] [-l LOG]
bin/logstash --modules MODULE_NAME [-M "MODULE_NAME.var.PLUGIN_TYPE.PLUGIN_NAME.VARIABLE_NAME=VALUE"] [-t] [-w COUNT] [-l LOG]
bin/logstash -e CONFIG_STR [-t] [--log.level fatal|error|warn|info|debug|trace] [-w COUNT] [-l LOG]
bin/logstash -i SHELL [--log.level fatal|error|warn|info|debug|trace]
bin/logstash -V [--log.level fatal|error|warn|info|debug|trace]
bin/logstash --help
# tail /var/log/logstash/logstash-plain.log
[2018-05-07T17:49:59,828][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2018-05-07T17:50:00,028][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-05-07T17:50:00,032][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit
This is my pipeline.yml.
# For NetFlow
- pipeline.id: netflow
pipeline.workers: 2
pipeline.batch.size: 125
pipeline.batch.delay: 5
config.reload.automatic: true
config.reload.interval: 5s
path.config: "/etc/logstash/pipeconf.d/netflow.conf"
and related file.
input {
udp {
port => 9995
codec => netflow {
netflow_definitions => "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-codec-netflow-.11.4/lib/logstash/codecs/netflow/netflow.yaml"
versions => [9, 10]
target => netflow
}
type => netflow
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => [ "http://172.16.10.50:9200" ]
index => "netflow-%{+YYYY.MM}"
user => xxx
password => xxx
}
}Can you help me anyone ?
I can't help you with the Netflow module, as I can't recommend that you use it. You should consider ElastiFlow
The Logstash module was based on v1.0.0 of ElastiFlow, and is now way behind on functionality. You can see some of the differences here...
Robert Cowart (rob@koiossian.com)
www.koiossian.com
True Turnkey SOLUTIONS for the Elastic Stack
Thank you for your reply.
I'm going to try Elastiflow on this weekend.
Regards,
Hello,
I could get Elastiflow dashboard.
I can see it. But some pages were failed to see on Elastiflow contents.
Here is error page.
How should I improve this error ?
Please open an issue on the ElastiFlow GitHub repository. When you do, you will need to include more information... versions, your deployment environment (one node, multiple nodes, how much CPU, memory, etc), how much data (flows per second) etc.
It seems to be caused by insufficient resources.
I will see a state for a while.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
