netflow - Can't (yet) decode flowset id 8000 from source id 258
zmeng20171123 opened this issue · 0 comments
zmeng20171123 commented
- Version:logstash-codec-netflow-3.14.1 logstash-6.4.2
- Operating System:centos6 Linux 2.6.32-696.el6.x86_64
- Config File :
input {
udp {
port => 6000
codec => netflow {
versions => [9]
type => netflow
}
}
}
output {
stdout { codec => rubydebug }
if ( [host] =~ "10.30.30].[0-2][0-9][0-9]" ) {
elasticsearch {
index => "Router_Switch_NF-%{+YYYY.MM.dd}"
}
} else {
elasticsearch {
index => "Router_Switch_NF_Other-%{+YYYY.MM.dd}"
}
}
}
-
Sample Data:
-
Steps to Reproduce: