Unfortunately You truncated the logs. The important information is on the right hand side of the log lines. You truncated them so I can't tell what's going on.
Plus you need more of them probably 2 or 3 times as many. You can put them here or in a pastebin or something like that, but I can't help with only seeing the front section of the logs...
You should be able to see a line that says opening UDP for example.
Also, why do you have that filestsream input enabled? Are you collecting other logs?
And to be clear, you ran the setup command correct??
Can you see port 9002 open and listening?
Are you sure the cisco is sending to the correct host / IP / port?
@morad_della3 I feel like we have had this conversation before