- Logstash Reference: other versions:
- Logstash Introduction
- Getting Started with Logstash
- Breaking Changes
- Upgrading Logstash
- Configuring Logstash
- Performance Troubleshooting Guide
- Working with plugins
- Input plugins
- beats
- couchdb_changes
- drupal_dblog
- elasticsearch
- exec
- eventlog
- file
- ganglia
- gelf
- generator
- graphite
- github
- heartbeat
- heroku
- http
- http_poller
- irc
- imap
- jdbc
- jmx
- kafka
- log4j
- lumberjack
- meetup
- pipe
- puppet_facter
- relp
- rss
- rackspace
- rabbitmq
- redis
- salesforce
- snmptrap
- stdin
- sqlite
- s3
- sqs
- stomp
- syslog
- tcp
- unix
- udp
- varnishlog
- wmi
- websocket
- xmpp
- zenoss
- zeromq
- Output plugins
- boundary
- circonus
- csv
- cloudwatch
- datadog
- datadog_metrics
- elasticsearch
- elasticsearch_java
- exec
- file
- google_bigquery
- google_cloud_storage
- ganglia
- gelf
- graphtastic
- graphite
- hipchat
- http
- irc
- influxdb
- juggernaut
- jira
- kafka
- lumberjack
- librato
- loggly
- mongodb
- metriccatcher
- nagios
- null
- nagios_nsca
- opentsdb
- pagerduty
- pipe
- riemann
- redmine
- rackspace
- rabbitmq
- redis
- riak
- s3
- sqs
- stomp
- statsd
- solr_http
- sns
- syslog
- stdout
- tcp
- udp
- webhdfs
- websocket
- xmpp
- zabbix
- zeromq
- Filter plugins
- aggregate
- alter
- anonymize
- collate
- csv
- cidr
- clone
- cipher
- checksum
- date
- de_dot
- dns
- drop
- elasticsearch
- extractnumbers
- environment
- elapsed
- fingerprint
- geoip
- grok
- i18n
- json
- json_encode
- kv
- mutate
- metrics
- multiline
- metaevent
- prune
- punct
- ruby
- range
- syslog_pri
- sleep
- split
- throttle
- translate
- uuid
- urldecode
- useragent
- xml
- zeromq
- Codec plugins
- Contributing to Logstash
- How to write a Logstash input plugin
- How to write a Logstash input plugin
- How to write a Logstash codec plugin
- How to write a Logstash filter plugin
- Contributing a Patch to a Logstash Plugin
- Logstash Plugins Community Maintainer Guide
- Submitting your plugin to RubyGems.org and the logstash-plugins repository
- Glossary of Terms
- Release Notes
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
netflow
editnetflow
editThis is a community-maintained plugin!
The "netflow" codec is for decoding Netflow v5/v9 flows.
Synopsis
editThis plugin supports the following configuration options:
Required configuration options:
netflow { }
Available configuration options:
Details
edit
definitions
edit- Value type is path
- There is no default value for this setting.
Override YAML file containing Netflow field definitions
Each Netflow field is defined like so:
id: - default length in bytes - :name id: - :uintN or :ip4_addr or :ip6_addr or :mac_addr or :string - :name id: - :skip
See https://github.com/logstash-plugins/logstash-codec-netflow/blob/master/lib/logstash/codecs/netflow/netflow.yaml for the base set.
Was this helpful?
Thank you for your feedback.