search

logstash-plugins / logstash-integration-snmp

Logstash Integration Plugin for SNMP, including SNMP input and SNMP Trap Plugins
Apache License 2.0
0 stars 3 forks source link

mapping Varbinds to fields is causing runaway field counts... #53

Open peelman opened 6 years ago

peelman commented 6 years ago

https://github.com/logstash-plugins/logstash-input-snmptrap/blob/f0478381ff1f1a15dd7b2356d8b1ab27857d0666/lib/logstash/inputs/snmptrap.rb#L85

By trying to map every varbind to a field, we are rapidly exceeding the field count maxes in ElasticSearch. Raising that field count continuously isn't something that should be advocated.

It would be better to dump the varbinds into a single field and let a filter take care of extracting any relevant data.

vsboost commented 4 years ago

Im getting heaps of these with this change.

[logstash.inputs.snmptrap ][main] Failed to create event {:trap_object=>"#<SNMP::SNMPv2_Trap:0x159697d8 @request_id=928213, @error_index=0, @error_status=0, .......

yongbuzhibu commented 4 years ago

Im getting heaps of these with this change.

[logstash.inputs.snmptrap ][main] Failed to create event {:trap_object=>"#<SNMP::SNMPv2_Trap:0x159697d8 @request_id=928213, @error_index=0, @error_status=0, .......

hello, I also getting the same err mesage, how do you fix it?