Can't (yet) decode flowset id 3282 from source id 512

Question

Can't (yet) decode flowset id 3282 from source id 512

yankai312 opened this issue 5 years ago · 7 comments

yankai312 commented 5 years ago

Version:logstash_6.7.1
Operating System:RED Hat 4.8.5-16
Sample Data:
netflow.pcap.zip
Steps to Reproduce:
[WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 3281 from source id 512, because no template to decode it with has been received. This message will usually go away after 1 minute.
[WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 3282 from source id 512, because no template to decode it with has been received. This message will usually go away after 1 minute.

Answer 1 · 2019-04-30T15:51:10.000Z

What kind of device/app was the source of these flow records?

Answer 2 · 2019-08-19T09:31:25.000Z

关于Can't (yet) decode flowset id 3282 from source id 512：请问你解决了嘛？

Answer 3 · 2019-08-19T11:02:30.000Z

解决了，我自己写了个接收器

…

---Original--- From: "huangyingcheng"<notifications@github.com> Date: Mon, Aug 19, 2019 17:31 PM To: "logstash-plugins/logstash-codec-netflow"<logstash-codec-netflow@noreply.github.com>; Cc: "yankai312"<147936661@qq.com>;"Author"<author@noreply.github.com>; Subject: Re: [logstash-plugins/logstash-codec-netflow] Can't (yet) decode flowset id 3282 from source id 512 (#176) 关于Can't (yet) decode flowset id 3282 from source id 512：请问你解决了嘛？ — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

Answer 4 · 2019-11-16T09:46:44.000Z

@yankai312 to help the rest of the community, can you share which device type these flows are from? Thanks.

Answer 5 · 2020-01-08T14:20:26.000Z

解决了，我自己写了个接收器
…
---Original--- From: "huangyingcheng"notifications@github.com Date: Mon, Aug 19, 2019 17:31 PM To: "logstash-plugins/logstash-codec-netflow"logstash-codec-netflow@noreply.github.com; Cc: "yankai312"147936661@qq.com;"Author"author@noreply.github.com; Subject: Re: [logstash-plugins/logstash-codec-netflow] Can't (yet) decode flowset id 3282 from source id 512 (#176) 关于Can't (yet) decode flowset id 3282 from source id 512：请问你解决了嘛？ — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

大佬能看一下你写的接收器么

Answer 6 · 2022-06-08T03:24:01.000Z

Can't (yet) decode flowset id 1315 from source id 2, because no template to decode it with has been received. This message will usually go away after 1 minute.
大佬能帮忙看一下这个报错什么原因呢吗

Answer 7 · 2022-06-08T03:28:49.000Z

@yankai312 请问，
input {
udp {
port => 8067
type => netflow
codec => netflow {
versions => [9]
}
}
}
output {
stdout {codec => rubydebug}
elasticsearch {
hosts => ["http://0.0.0.0:9200"]
index=> "netstream-udp"
}
}
error：
Can't (yet) decode flowset id 1315 from source id 2, because no template to decode it with has been received. This message will usually go away after 1 minute.

problem：
What does it say on your receiver。Maybe my receiver is writing the wrong way