elk

Differences

This shows you the differences between two versions of the page.

elk [2016/01/27 20:22]
ben created
elk [2016/01/28 19:05]
ben
Line 63: Line 63:
         port  => 9995         port  => 9995
         codec => netflow {         codec => netflow {
 +            # Logstash doesn't support importing netflow v9 templates from the netflow device
 +            # and lacks built-in templates for id=256,257 leading to errors and no data
             versions => [5]             versions => [5]
         }         }
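Review bot: the new comment explains why v9 is excluded, but the surviving `versions => [5]` line means anything the device exports as v9 to port 9995 is simply not decoded; consider stating in the comment that the exporter itself must be set to netflow v5 (the later step "add the logstash host as a netflow v5 target" does this) and spelling out that 256,257 are netflow v9 template IDs rather than a bare `id=256,257`.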
Line 76: Line 78:
 } }
 </code> </code>
 +  * In Kibana Settings, add a new index pattern for ''logstash-netflow-*'' (if this pattern already exists and the mapping has been changed since, remember to hit the ''refresh'' button to ensure the changed datatypes are picked up. Verify all fields have the right type.
 +  * Enable ''IP->Traffic Flow'' on the desired interfaces, and add the logstash host as a netflow v5 target
 +  * Verify data is being indexed by doing a search on ''*'' against the ''logstash-netflow-*'' index pattern
 +
 +====== Bugs ======
 +
 +===== wrong number of arguments calling `to_s` (1 for 0) =====
 +
 +  * Bug report: [[https://github.com/logstash-plugins/logstash-codec-netflow/issues/19]]
 +  * Workaround: [[https://github.com/repeatedly/fluent-plugin-netflow/commit/dfcd4f40e6bd57c1d08ddc6eae707fcdc52163f6]]
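Review bot: the first new bullet opens a parenthesis at "(if this pattern already exists" that is never closed, so "Verify all fields have the right type." reads as part of the aside; close it after "picked up" so the verification step stands as its own instruction. In the Bugs section, the "Workaround" link points at a commit in a different project (fluent-plugin-netflow) while the bug report is against logstash-codec-netflow; add a sentence saying what from that commit has to be carried over to the logstash codec, otherwise a reader cannot tell how to apply it.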
elk.txt · Last modified: 2016/01/28 22:56 by ben