Cisco ASR9K Can't (yet) decode flowset id 260

robcowart / elastiflow

Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack

Other

2.49k stars 596 forks source link

Cisco ASR9K Can't (yet) decode flowset id 260 #689

Closed swb-ops closed 3 years ago

swb-ops commented 3 years ago

Hello,

We have a problem with decoding the Netflow v9 from Cisco ASR9K. Logs: Can't (yet) decode flowset id 260 from observation domain id 2081, because no template to decode it with has been received

I have attached a pcap file.

ASR9K_netflow.zip

robcowart commented 3 years ago

There are no templates in that PCAP. You will see the above log message until a template has been received. Depending on the device and its configuration that may take a few seconds to 20-30 minutes. Usually shouldn't be more than 2-3 minutes, but there are exceptions.

swb-ops commented 3 years ago

Hello, Thanks for your replay. Yes, I waited about 10 minutes and got the template.