1

I'm trying to use logstash to collect traffic information from VMware ESXi using the netflow plugin.

I've installed the latest version of logstash and elasticsearch from www.elastic.co on Ubuntu 16.04.1 with openjdk 8 installed.

I've created this config file:

input { udp { host => localhost port => 9995 codec => netflow { versions => [10] target => ipfix } type => ipfix } } output { stdout { codec => rubydebug } elasticsearch { index => "logstash_netflow5-%{+YYYY.MM.dd}" host => "localhost" } }

but when I execute:

logstash -f logstash-staticfile-netflow.conf

I got the following:

Pipeline aborted due to error {:exception=>"LogStash::ConfigurationError", :backtrace=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:88:in config_init'", "org/jruby/RubyHash.java:1342:ineach'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:72:in config_init'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/outputs/base.rb:79:ininitialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/output_delegator.rb:74:in register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:instart_workers'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:instart_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:instart_pipeline'"], :level=>:error} No matching template for flow id 256 {:level=>:warn} stopping pipeline {:id=>"main"}

Do you have any idea why I have this error? Thanks in advance for any help!

Improve this question

1 Answer 1

Reset to default
0

I found the problem, the error was that the configuration syntax changed in logstash 2.x, I had to replace

host => "localhost"

with:

hosts => ["localhost"]
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.