26 July 2017

Logstash Lines: Introducing modules

By Suyog Rao

Welcome back to The Logstash Lines! In these weekly posts, we'll share the latest happenings in the world of Logstash and its ecosystem.

Introducing Logstash modules: Netflow

Similar to the Filebeat modules feature, Logstash can now have its own modules. Modules contain packaged Logstash configuration, Kibana dashboards and other meta files to ease the setup of the Elastic Stack for certain use cases or data sources. The goal of these modules is to provide an end-to-end, five-minute getting-started experience for a user exploring a data source, without having to learn the different parts of the stack.

NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network traffic. A large number of router and switch vendors support exporting NetFlow packets via UDP. The Logstash Netflow module consists of a config that listens on UDP and parses all the NetFlow packets (multiple versions are handled) via the Logstash netflow codec. This module is based on the excellent work by our very own Solutions Architect, Rob Cowart.

Here is a screenshot of a Netflow dashboard from this module:

netflow-module.png
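To make concrete what parsing NetFlow packets received over UDP involves, here is an added Ruby example (not code from this post or from the Logstash netflow codec) that decodes a single NetFlow v5 datagram and rejects malformed input before touching the records. It covers version 5 only; the function names, output field names and the sample datagram are assumptions constructed for illustration.

```ruby
# NetFlow v5 layout: 24-byte header followed by `count` 48-byte flow records.
V5_HEADER_LEN = 24
V5_RECORD_LEN = 48
V5_MAX_RECORDS = 30 # a v5 export datagram carries 1..30 records

# Render a 4-byte binary string as a dotted-quad IPv4 address.
def ipv4(raw)
  raw.bytes.join('.')
end

# Returns an array of flow hashes (hypothetical field names). Raises
# ArgumentError on malformed input: anything arriving on UDP is untrusted.
def decode_netflow_v5(datagram)
  raise ArgumentError, 'truncated header' if datagram.bytesize < V5_HEADER_LEN
  version, count, _uptime, unix_secs = datagram.unpack('nnNN')
  raise ArgumentError, "not NetFlow v5 (version=#{version})" unless version == 5
  raise ArgumentError, "bad record count #{count}" unless count.between?(1, V5_MAX_RECORDS)
  unless datagram.bytesize == V5_HEADER_LEN + count * V5_RECORD_LEN
    raise ArgumentError, 'length does not match record count'
  end

  Array.new(count) do |i|
    rec = datagram.byteslice(V5_HEADER_LEN + i * V5_RECORD_LEN, V5_RECORD_LEN)
    src, dst, _hop, _in_if, _out_if, pkts, octets, _first, _last,
      sport, dport, _pad, flags, proto = rec.unpack('a4a4a4nnNNNNnnCCC')
    { 'export_secs' => unix_secs, 'src' => ipv4(src), 'dst' => ipv4(dst),
      'src_port' => sport, 'dst_port' => dport, 'protocol' => proto,
      'tcp_flags' => flags, 'packets' => pkts, 'bytes' => octets }
  end
end

# Constructed sample data (not captured traffic): one 48-byte flow record.
def sample_record(src, dst, sport, dport, proto, flags, pkts, octets)
  (src + dst + [0, 0, 0, 0]).pack('C12') + [1, 2, pkts, octets, 0, 0].pack('nnNNNN') +
    [sport, dport, 0, flags, proto, 0, 0, 0, 0, 0, 0].pack('nnCCCCnnCCn')
end

# Constructed sample datagram: v5 header announcing two records, then the records.
def sample_datagram
  [5, 2, 1000, 1_501_027_200, 0, 1, 0, 0, 0].pack('nnNNNNCCn') +
    sample_record([10, 0, 0, 5], [192, 0, 2, 10], 51_514, 443, 6, 0x1b, 12, 3400) +
    sample_record([10, 0, 0, 7], [198, 51, 100, 53], 40_000, 53, 17, 0, 1, 76)
end

if __FILE__ == $PROGRAM_NAME
  decode_netflow_v5(sample_datagram).each { |flow| puts flow.inspect }
end
```

The length check ties the header's record count to the datagram size, so a forged or truncated packet is dropped instead of being read past its end.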

Changes in 5.6

  • Set the default min and max JVM heapsize to be the same.
  • Fix an issue where hot_threads API fails if there are two threads with the same name (#7608).
  • Handle empty queue condition for queue drain on shutdown option.
  • Make StringBiValue safe against mutations to the underlying RubyString.
  • JDBC input: Correctly close driver after a healthcheck failure (#227).
  • GeoIP: We now bundle the free ASN database from MaxMind. An option has been added to choose between the default GeoIPLite-City or GeoIPLite-ASN database (#126).