It appears that the nmap codec uses the returned rtt value from an nmap scan to create a field with the value as the name. This leads to a large number of fields created where the field name is the rtt value.
For all general issues, please provide the following details for fast resolution:
Version: Nmap 6.47 and Nmap 7.0.1; Logstash 5.x
Operating System: Ubuntu
Config File (if you have sensitive info, please remove it):
input {
  http {
    host => "0.0.0.0"
    port => 8000
    codec => nmap
  }
}
output { stdout { codec => rubydebug } }
Sample Data:
    },
    "start_time" => 2017-11-09T13:06:28.000Z,
    "times" => {
        "rttvar" => 0, # <- issue
        "35" => 0 # <- issue
    },
    "hostname" => nil,
    "@timestamp" => 2017-11-09T13:08:07.250Z,
Steps to Reproduce: Run the following nmap command:
    sudo nmap -sV -O -sT 192.168.229.0/24 -oX - | curl -H "x-nmap-target: testnet.net" http://192.168.229.55:8000 --data-binary @-
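A downstream workaround for the field growth reported above, as an added example that is not part of the original report and is not logstash-codec-nmap code: it folds any all-digit key in the `times` hash into one fixed field, so the number of distinct field names stays constant across hosts. The target name `srtt` (nmap's XML attribute for smoothed RTT), the helper names and the sample events are assumptions constructed for illustration.

```ruby
# Added example: keep measurement values out of field names.
NUMERIC_KEY = /\A\d+\z/   # a key that is really a measurement value
TARGET      = "srtt"      # assumed fixed field name for the RTT value

# Return a copy of the "times" hash where all-digit keys are folded into
# TARGET. The key itself carries the measurement, so it becomes the value.
def normalize_times(times)
  return times unless times.is_a?(Hash)
  fixed = {}
  times.each do |key, value|
    if key.to_s.match?(NUMERIC_KEY)
      fixed[TARGET] ||= key.to_s.to_i   # keep a real TARGET value if already present
    else
      fixed[key] = value
    end
  end
  fixed
end

# Apply the normalization to a list of decoded events (plain hashes here).
def normalize_events(events)
  events.map do |e|
    e.key?("times") ? e.merge("times" => normalize_times(e["times"])) : e
  end
end

# Distinct field names that would be created under "times" by these events.
def distinct_time_fields(events)
  events.flat_map { |e| (e["times"] || {}).keys }.uniq.sort
end

# Constructed sample events shaped like the rubydebug output in the report.
SAMPLE_EVENTS = [
  { "hostname" => nil, "times" => { "rttvar" => 0,    "35"   => 0 } },
  { "hostname" => nil, "times" => { "rttvar" => 5000, "1200" => 0 } },
  { "hostname" => nil, "times" => { "rttvar" => 250,  "87"   => 0 } },
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "before: #{distinct_time_fields(SAMPLE_EVENTS).inspect}"
  puts "after:  #{distinct_time_fields(normalize_events(SAMPLE_EVENTS)).inspect}"
end
```

Inside a pipeline the same function could be called from a `ruby` filter using `event.get("times")` and `event.set("times", ...)`.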