Can't (yet) decode flowset id 5000 from source id 0

[giovanirorato]

Please post all product and debugging questions on our forum. Your questions will reach our wider community members there, and if we confirm that there is a bug, then we can open a new issue here.

For all general issues, please provide the following details for fast resolution:

• Version: 4.2.1
• Operating System: Oracle Linux Server 7.4
• Config File (if you have sensitive info, please remove it):

logstash.conf

input { udp { host => "xxx.xxx.xxx.xxx" port => 9996 codec => netflow { netflow_definitions => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-codec-netflow-4.2.1/lib/logstash/codecs/netflow/netflow.yaml" versions => [9] } type => "netflow" } }

• Sample Data:

  Can't (yet) decode flowset id 5000 from source id 0

• Steps to Reproduce:

  When I start logstash. I am using multiple Cisco and Huawei routers as input source of data. This happens when Huawei enters the data stream.

[robcowart]

Can you provide a PCAP of the flows in question?