I have recently installed the newest version of the ELK stack, 6.0.x, and I receive these errors in logstash-plain.log:
`[2017-11-30T11:27:11,235][WARN ][logstash.codecs.netflow ] Can't (yet) decode flowset id 260 from observation domain id 1, because no template to decode it with has been received. This message will usually go away after 1 minute.`
The Elasticsearch database can't be fed either, but I have no problem with Cisco NetFlow!
This is part of my tshark output, which is listening on port 4739:
```
Capturing on 'ens160'
1 0.000000000 10.1.1.1 → 10.1.1.29 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=5f7f)
2 0.007979860 10.1.1.1 → 10.1.1.29 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=5f80)
3 0.020006558 10.1.1.1 → 10.1.1.29 CFLOW 1506 IPFIX flow (1464 bytes) Obs-Domain-ID= 1 [Data:260] [Data:256] [Data:259] [Data:256] [Data:259] [Data:256] [Data:258] [Data:256] [Data:259] [Data:258] [Data:260]
4 0.032020745 10.1.1.1 → 10.1.1.29 CFLOW 1482 IPFIX flow (1440 bytes) Obs-Domain-ID= 1 [Data:260] [Data:256] [Data:260] [Data:256] [Data:260] [Data:256] [Data:258] [Data:256] [Data:258] [Data:256] [Data:258]
5 0.064040935 10.1.1.1 → 10.1.1.29 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=5f8b)
6 0.076645721 10.1.1.1 → 10.1.1.29 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=5f8d)
7 0.085025100 10.1.1.1 → 10.1.1.29 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=5f8f)
8 0.167135983 10.1.1.1 → 10.1.1.29 CFLOW 558 IPFIX flow ( 516 bytes) Obs-Domain-ID= 1 [Data:258]
```
Can you help me with this matter?
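
The condition the Logstash warning describes, as an added example that is not part of the original post and not Logstash's code: an IPFIX data set can only be decoded once a template with the same ID has been received from the same observation domain. The function names and the sample messages (built inline, with constructed field values) are assumptions for illustration.

```python
import struct

TEMPLATE_SET, OPTIONS_TEMPLATE_SET = 2, 3  # reserved IPFIX set IDs (RFC 7011)

def build_message(domain, sets):
    """Build a constructed IPFIX message from (set_id, body) pairs."""
    payload = b"".join(struct.pack("!HH", sid, 4 + len(body)) + body
                       for sid, body in sets)
    return struct.pack("!HHIII", 10, 16 + len(payload), 0, 0, domain) + payload

def undecodable_sets(message, templates):
    """Return the data set IDs in `message` that have no known template.

    `templates` is a set of (observation_domain, template_id) pairs and is
    updated in place whenever a template or options template set is seen.
    """
    version, length, _, _, domain = struct.unpack_from("!HHIII", message, 0)
    if version != 10 or length > len(message):
        raise ValueError("not a complete IPFIX message")
    missing, offset = [], 16
    while offset + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", message, offset)
        if set_len < 4 or offset + set_len > length:
            raise ValueError("bad set length")
        if set_id in (TEMPLATE_SET, OPTIONS_TEMPLATE_SET):
            # Options template records carry an extra scope-field-count word.
            hdr = 6 if set_id == OPTIONS_TEMPLATE_SET else 4
            pos, end = offset + 4, offset + set_len
            while pos + hdr <= end:  # fewer bytes than a header is padding
                tid, count = struct.unpack_from("!HH", message, pos)
                pos += hdr
                for _ in range(count):
                    ie, _flen = struct.unpack_from("!HH", message, pos)
                    pos += 8 if ie & 0x8000 else 4  # enterprise bit adds 4 bytes
                if tid >= 256 and count:
                    templates.add((domain, tid))
        elif set_id >= 256 and (domain, set_id) not in templates:
            missing.append(set_id)
        offset += set_len
    return missing

# Constructed sample: template 256 with two 4-byte fields (IE 8 and IE 12).
TEMPLATE_256 = struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)
DATA_MSG = build_message(1, [(260, b"\0" * 8), (256, b"\0" * 8)])
TEMPLATE_MSG = build_message(1, [(TEMPLATE_SET, TEMPLATE_256)])
```

Feeding it reassembled UDP payloads from a capture shows which template IDs an exporter is actually sending and which data sets arrive without one.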