Logstash netflow plugin configuration error

Question

I'm trying to use logstash to collect traffic information from VMware ESXi using the netflow plugin.

I've installed the latest version of logstash and elasticsearch from www.elastic.co on Ubuntu 16.04.1 with openjdk 8 installed.

I've created this config file:

input {
    udp {
      host => localhost
      port => 9995
      codec => netflow {
        versions => [10]
        target => ipfix
      }
      type => ipfix
    }
  }

  output {
    stdout { codec => rubydebug }
      elasticsearch {
        index => "logstash_netflow5-%{+YYYY.MM.dd}"
        host => "localhost"
      }
  }

but when I execute:

logstash -f logstash-staticfile-netflow.conf

I got the following:

Pipeline aborted due to error {:exception=>"LogStash::ConfigurationError", :backtrace=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:88:in config_init'", "org/jruby/RubyHash.java:1342:ineach'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:72:in config_init'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/outputs/base.rb:79:ininitialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/output_delegator.rb:74:in register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:instart_workers'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:instart_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:instart_pipeline'"], :level=>:error}
No matching template for flow id 256 {:level=>:warn}
stopping pipeline {:id=>"main"}

Do you have any idea why I have this error? Thanks in advance for any help!

score 0 · Accepted Answer · answered Oct 10 '16 at 19:47

0

I found the problem, the error was that the configuration syntax changed in logstash 2.x, I had to replace

host => "localhost"

with:

hosts => ["localhost"]

answered Oct 10 '16 at 19:47

tvs

161
1
10

Logstash netflow plugin configuration error

1 Answers1