CISCO SD WAN HSL Can't (yet) decode flowset id

[SorinCeaus]

trafficstars

Logstash v8.15.1 classical VM installation run as a service on RH9. Netflow codec plugin v4.3.2

Using following config :

input {
  tcp {
    port => 15055
    host => "0.0.0.0"
    codec => netflow {
      versions => [5, 9, 10]
      cache_ttl => 12000
      cache_save_path => "/tmp"
      include_flowset_id => true
      }
  }
  udp {
    port => 15055
    host => "0.0.0.0"
    codec => netflow {
      versions => [5, 9, 10]
      cache_ttl => 12000
      cache_save_path => "/tmp"
      include_flowset_id => true
      }
  }
}

Netflow exporter is a CISCO SD WAN HSL sending v9 and v10 ipfix, template is sent OK (present in pcap) and file is created in /tmp/

cat /tmp/ipfix_templates.cache {"6|257":[["string","applicationId",{"length":4,"trim_padding":true}],["string","applicationName",{"length":24,"trim_padding":true}],["string","applicationDescription",{"length":55,"trim_padding":true}]],"6|258":[["uint32","ingressInterface"],["string","interfaceName",{"length":33,"trim_padding":true}],["string","interfaceDescription",{"length":65,"trim_padding":true}],["uint32","egressInterface"]]}

but still we get this in logstash-plain.log (of course, it doesn't go away):

[2025-01-25T21:09:52,414][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 409 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:52,414][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 413 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:52,414][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 409 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:52,869][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 318 from observation domain id 512, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:53,078][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 409 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:53,134][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 379 from observation domain id 512, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:53,488][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 412 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:53,818][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 412 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:54,039][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 409 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:54,080][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Invalid netflow packet received (value '0' not as expected for obj.records[1].flowset_data.templates[0].scope_length)
[2025-01-25T21:09:54,091][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 418 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:54,091][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 417 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.
[2025-01-25T21:09:54,092][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Unsupported field in template 433 {:type=>35001, :length=>2}
[2025-01-25T21:09:54,093][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Unsupported field in template 432 {:type=>35001, :length=>2}
[2025-01-25T21:09:54,093][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Unsupported field in template 431 {:type=>35001, :length=>2}
[2025-01-25T21:09:54,093][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Unsupported field in template 430 {:type=>35001, :length=>2}
[2025-01-25T21:09:54,093][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Unsupported field in template 429 {:type=>35001, :length=>2}
[2025-01-25T21:09:54,094][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Unsupported field in template 428 {:type=>35001, :length=>2}
[2025-01-25T21:09:54,095][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Unsupported field in template 427 {:type=>35001, :length=>2}
[2025-01-25T21:09:54,095][WARN ][logstash.codecs.netflow  ][NetFlow_TEST][71011548a455c721f7adeedc88b61bcaa1caf3bf67a704dea16cc1720a9c0722] Can't (yet) decode flowset id 417 from source id 300, because no template to decode it with has been received. This message will usually go away after 1 minute.