How is Logstash being run: docker run --detach --name logstash2 --restart always --network host --volume $(pwd)/pipeline/:/usr/share/logstash/pipeline/ docker.elastic.co/logstash/logstash:8.6.2
Description of the problem including expected versus actual behavior:
Netflow v10/IPFIX data could not be ingested due to unsupported enterprise.
message repeating constantly:
Can't (yet) decode flowset id 317 from observation domain id 6422528, because no template to decode it with has been received. This message will usually go away after 1 minute.
once a minute:
Unsupported enterprise {:enterprise=>42359}
Steps to reproduce:
logstash pipeline
input {
  udp {
    port => 1234
    tags => [ "netflow_sdwan" ]
    codec => netflow
    type => ipfix
  }
}
netflow/IPFIX template extracted from packet capture:
Logstash information:
JVM (e.g. java -version): using the bundled JDK
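An added example, not part of the original report and not the codec's own code: a Python parser that follows the RFC 7011 template encoding and lists the enterprise-specific fields each IPFIX template declares, so a captured template can be checked for the enterprise numbers a decoder needs definitions for. The sample message is constructed; only template id 317, observation domain 6422528 and enterprise 42359 come from the report, while the field ids and lengths are made up.

```python
import struct

def enterprise_fields(msg: bytes) -> dict:
    """Map template id -> [(enterprise number, field id, length)] for one IPFIX message."""
    if len(msg) < 16:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length, _time, _seq, _domain = struct.unpack_from("!HHIII", msg, 0)
    if version != 10 or length > len(msg):
        raise ValueError("not IPFIX (version 10) or truncated")
    found, off = {}, 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        if set_id == 2:  # set id 2 carries template records
            found.update(_templates(msg[off + 4:off + set_len]))
        off += set_len
    return found

def _templates(body: bytes) -> dict:
    out, pos = {}, 0
    try:
        while pos + 4 <= len(body):
            tid, count = struct.unpack_from("!HH", body, pos)
            if tid < 256:  # zero padding at the end of the set
                break
            pos, fields = pos + 4, []
            for _ in range(count):
                fid, flen = struct.unpack_from("!HH", body, pos)
                pos += 4
                if fid & 0x8000:  # enterprise bit set: 4-byte enterprise number follows
                    (pen,) = struct.unpack_from("!I", body, pos)
                    pos += 4
                    fields.append((pen, fid & 0x7FFF, flen))
            out[tid] = fields
    except struct.error:
        raise ValueError("template record runs past the end of its set")
    return out

def build_sample() -> bytes:
    # Constructed sample: template 317 with one IANA field and two enterprise fields.
    rec = struct.pack("!HH", 317, 3) + struct.pack("!HH", 8, 4)
    rec += struct.pack("!HHI", 0x8000 | 1, 4, 42359)  # field ids 1 and 2 are made up
    rec += struct.pack("!HHI", 0x8000 | 2, 2, 42359)
    tset = struct.pack("!HH", 2, 4 + len(rec)) + rec
    return struct.pack("!HHIII", 10, 16 + len(tset), 0, 0, 6422528) + tset

if __name__ == "__main__":
    print(enterprise_fields(build_sample()))
```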