Unable to Export Kibana Netflow dashboards

I have setup Logstash Kibana and elastic search on same windows server, i am running netflow module on logstash with below command but still dashboards are not imported in Kibana for netflow. i have tried multple options before posting in this forum. any help is appreciated

bin/logstash --modules netflow --setup -M "netflow.var.kibana.host=192.168.16.67:5601"

Please share the logstash.yml
What do you see in the respective logs when the above fails for you?

I'm in same issue on CentOS.

elasticsearch/kibana/logstash version is 6.2.4.

I run logstash with multiple pipelines.

I can't see Netflow dashborad in Kibana.

I tried below command but I got some error messages.
https://www.elastic.co/guide/en/logstash/current/netflow-module.html#netflow-getting-started

 # /usr/share/logstash/bin/logstash --modules netflow --setup -M netflow.var.input.udp.port=9995
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
ERROR: Configuration reloading can't be used with command-line or logstash.yml specified modules.
usage:
  bin/logstash -f CONFIG_PATH [-t] [-r] [] [-w COUNT] [-l LOG]
  bin/logstash --modules MODULE_NAME [-M "MODULE_NAME.var.PLUGIN_TYPE.PLUGIN_NAME.VARIABLE_NAME=VALUE"] [-t] [-w COUNT] [-l LOG]
  bin/logstash -e CONFIG_STR [-t] [--log.level fatal|error|warn|info|debug|trace] [-w COUNT] [-l LOG]
  bin/logstash -i SHELL [--log.level fatal|error|warn|info|debug|trace]
  bin/logstash -V [--log.level fatal|error|warn|info|debug|trace]
  bin/logstash --help
# tail /var/log/logstash/logstash-plain.log
[2018-05-07T17:49:59,828][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2018-05-07T17:50:00,028][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-05-07T17:50:00,032][ERROR][org.logstash.Logstash    ] java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit

This is my pipeline.yml.

# For NetFlow
- pipeline.id: netflow
  pipeline.workers: 2
  pipeline.batch.size: 125
  pipeline.batch.delay: 5
  config.reload.automatic: true
  config.reload.interval: 5s
  path.config: "/etc/logstash/pipeconf.d/netflow.conf"   

and related file.

input {
  udp {
    port => 9995
    codec => netflow {
      netflow_definitions => "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-codec-netflow-.11.4/lib/logstash/codecs/netflow/netflow.yaml"
      versions => [9, 10]
      target => netflow
    }
    type => netflow
  }
}
output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => [ "http://172.16.10.50:9200" ]
    index => "netflow-%{+YYYY.MM}"
    user => xxx
    password => xxx
  }
}

Can you help me anyone ?

I can't help you with the Netflow module, as I can't recommend that you use it. You should consider ElastiFlow

The Logstash module was based on v1.0.0 of ElastiFlow, and is now way behind on functionality. You can see some of the differences here...

Robert Cowart (rob@koiossian.com)
www.koiossian.com
True Turnkey SOLUTIONS for the Elastic Stack

Thank you for your reply.

I'm going to try Elastiflow on this weekend.

Regards,

Hello,
I could get Elastiflow dashboard.

I can see it. But some pages were failed to see on Elastiflow contents.

kibana_ok.PNG759×374 63.7 KB

Here is error page.

• AS page
• Exporters
• Flow records
  
  

  error.PNG762×227 55.6 KB

How should I improve this error ?

Please open an issue on the ElastiFlow GitHub repository. When you do, you will need to include more information... versions, your deployment environment (one node, multiple nodes, how much CPU, memory, etc), how much data (flows per second) etc.

It seems to be caused by insufficient resources.

I will see a state for a while.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.