You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
root@nprobe:~# nprobe -b 1 --simulate-collection --flow-deduplication 5 -3 2055 -n none --event-log /var/log/nprobe/eventlog.log -T "%IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %SRC_MASK %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %DST_MASK %OUTPUT_SNMP %IPV4_NEXT_HOP %SRC_AS %DST_AS %ICMP_TYPE %SAMPLING_INTERVAL %SAMPLING_ALGORITHM %FLOW_ACTIVE_TIMEOUT %FLOW_INACTIVE_TIMEOUT %MIN_TTL %MAX_TTL %DST_TOS %SRC_VLAN %DST_VLAN %IP_PROTOCOL_VERSION %DIRECTION %IN_DST_MAC %IN_SRC_MAC %OUT_DST_MAC %OUT_SRC_MAC %L7_PROTO %L7_PROTO_NAME %FIRST_SWITCHED %LAST_SWITCHED %IPV6_SRC_ADDR %IPV6_DST_ADDR" --elastic 'flows;nprobe-%Y.%m.%d;https://elasticsearch.mydomain.com:9200/_bulk;nprobe:passwd_for_nprobe' --json-labels -t 30 -d 3 -l 60 --dump-stats /var/log/nprobe/flow_stats.log
28/Feb/2025 14:49:14 [plugin.c:178] No plugins found in ./plugins
28/Feb/2025 14:49:14 [plugin.c:186] Loading 23 plugins [.so] from /usr/lib/nprobe/plugins
28/Feb/2025 14:49:14 [nprobe.c:6224] Disabling flow cache during collection
28/Feb/2025 14:49:14 [nprobe.c:8175] WARNING: The output interfaceId is set to 0: did you forget to use -Q perhaps ?
28/Feb/2025 14:49:14 [nprobe.c:8178] WARNING: The input interfaceId is set to 0: did you forget to use -u perhaps ?
28/Feb/2025 14:49:14 [nprobe.c:8226] -i is ignored as --collector-port|-3 has been used: using '-i none'
28/Feb/2025 14:49:14 [nprobe.c:8278] Flow cache is disabled in flow collection mode
28/Feb/2025 14:49:14 [nprobe.c:8281] Welcome to nProbe v.10.5.240802 for x86_64-pc-linux-gnu with native PF_RING acceleration
28/Feb/2025 14:49:14 [nprobe.c:8303] Enterprise L Edition running on Debian GNU/Linux 12 (bookworm)
28/Feb/2025 14:49:14 [nprobe.c:8311] Current limits [32 ZMQ exporters][128 collector devices]
28/Feb/2025 14:49:14 [nprobe.c:8326] SystemId: REDACTED
28/Feb/2025 14:49:14 [nprobe.c:8419] Sample rate [packet: 1][flow collection/export: 1/1]
28/Feb/2025 14:49:14 [exportPlugin.c:624] Using ElasticSearch for data dump [flows][nprobe-%Y.%m.%d][https://elasticsearch.mydomain.com:9200/_bulk]
28/Feb/2025 14:49:14 [exportPlugin.c:628] [template: https://elasticsearch.mydomain.com:9200/_template/nprobe_template][query: https://elasticsearch.mydomain.com:9200/]
28/Feb/2025 14:49:14 [nprobe.c:10498] Using template %IN_BYTES %IN_PKTS %PROTOCOL %SRC_TOS %TCP_FLAGS %L4_SRC_PORT %IPV4_SRC_ADDR %SRC_MASK %INPUT_SNMP %L4_DST_PORT %IPV4_DST_ADDR %DST_MASK %OUTPUT_SNMP %IPV4_NEXT_HOP %SRC_AS %DST_AS %ICMP_TYPE %SAMPLING_INTERVAL %SAMPLING_ALGORITHM %FLOW_ACTIVE_TIMEOUT %FLOW_INACTIVE_TIMEOUT %MIN_TTL %MAX_TTL %DST_TOS %SRC_VLAN %DST_VLAN %IP_PROTOCOL_VERSION %DIRECTION %IN_DST_MAC %IN_SRC_MAC %OUT_DST_MAC %OUT_SRC_MAC %L7_PROTO %L7_PROTO_NAME %FIRST_SWITCHED %LAST_SWITCHED %IPV6_SRC_ADDR %IPV6_DST_ADDR
28/Feb/2025 14:49:14 [nprobe.c:10500] Using NetFlow Packet Payload Len: 1472
28/Feb/2025 14:49:14 [plugin.c:1207] 1 plugin(s) enabled
28/Feb/2025 14:49:14 [nprobe.c:10864] Skipping plugin Export Plugin: no IEs defined
28/Feb/2025 14:49:14 [nprobe.c:11049] Each flow is 149 bytes long
28/Feb/2025 14:49:14 [nprobe.c:11050] The # flows per packet has been set to 8
28/Feb/2025 14:49:14 [nprobe.c:11053] IP TOS is accounted
28/Feb/2025 14:49:14 [nprobe.c:12006] Flow export type (-T): unidirectional flows
28/Feb/2025 14:49:14 [nprobe.c:12048] Enable flow deduplication [frequency: 5]
28/Feb/2025 14:49:14 [nprobe.c:12200] Flows ASs will not be computed (no GeoDB files loaded with --as-list)
28/Feb/2025 14:49:14 [nprobe.c:12232] Flows will be exported in NetFlow 9 format
28/Feb/2025 14:49:14 [nprobe.c:12470] Not capturing packet from interface (collector mode)
28/Feb/2025 14:49:14 [util.c:5378] Enlarged socket buffer [echo 8388608 > /proc/sys/net/core/rmem_max]
28/Feb/2025 14:49:14 [util.c:5433] nProbe changed user to 'nprobe'
28/Feb/2025 14:49:14 [export.c:487] Using JSON as serialization format
28/Feb/2025 14:49:14 [nprobe.c:12784] nProbe started successfully
28/Feb/2025 14:49:14 [exportPlugin.c:899] [EXPORT] Starting thread
28/Feb/2025 14:49:18 [exportPlugin.c:454] WARNING: Unable to send the template to ELK
28/Feb/2025 14:49:18 [exportPlugin.c:539] [EXPORT] Ready to send data to ElasticSearch...
Elasticsearch settings
nprobe user that is assigned to nprobe-* indices has all the privileges for that index enabled, yet still the template cannot be loaded due to the incorrect URL.
The text was updated successfully, but these errors were encountered:
Description
nProbe is unable to send the JSON index template to Elasticsearch.
Cause
nProbe tries to send the index template to the REST API address at https://elasticsearch.mydomain.com:9200/_template but index templates are located at https://elasticsearch.mydomain.com:9200/_index_template.
Log output (flow statistics omitted)
Elasticsearch settings
nprobe user that is assigned to nprobe-* indices has all the privileges for that index enabled, yet still the template cannot be loaded due to the incorrect URL.
The text was updated successfully, but these errors were encountered: