Could not index event to Elasticsearch

Hi, I'm trying to parse the NGFW events with Logstash on TCP port 5000 into Elasticsearch, but logstash-plain.log always says:

"status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"object mapping for [host] tried to parse field [host] as object, but found a concrete value"

My Logstash config is:

input {
        tcp {
                port => 5000
                codec => cef {
                        delimiter => "\n"
                        ecs_compatibility => v1
                }
        }
}

output {
        elasticsearch {
                hosts => "<my ip>:9200"
                user => "elastic"
                password => "<mypass>"
                index => "ngfw"
                ecs_compatibility => disabled
        }
}

What should I do to make the events show up in Kibana?

This is one example of the logs:

[2021-12-10T11:18:05,919][WARN ][logstash.outputs.elasticsearch][main][191a48d708ce268260e394dcd10fa3216c216c4b3e54757d7b36c439b470dd20] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"ngfw", :routing=>nil}, {"observer"=>{"name"=>"xx node 1", "ip"=>"xx", "product"=>"Firewall", "version"=>"6.9.0", "vendor"=>"xx", "ingress"=>{"interface"=>{"name"=>"12"}}, "hostname"=>"xx"}, "destination"=>{"ip"=>"xx", "port"=>"62912"}, "source"=>{"ip"=>"xx", "port"=>"21694"}, "host"=>"xx", "@version"=>"1", "@timestamp"=>2021-12-10T18:18:03.000Z, "port"=>36616, "log"=>{"syslog"=>{"facility"=>{"code"=>"Packet Filtering"}}}, "cef"=>{"name"=>"Connection_Discarded", "version"=>"<6>CEF:0", "device_custom_string_1"=>{"label"=>"RuleID", "value"=>"21.0"}}, "network"=>{"protocol"=>"UDP/62912", "transport"=>"17"}, "event"=>{"action"=>"Discard", "severity"=>"0", "code"=>"70019"}}], :response=>{"index"=>{"_index"=>"ngfw", "_type"=>"_doc", "_id"=>"lO8QpH0Bx0dBNubZhZ1Z", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"object mapping for [host] tried to parse field [host] as object, but found a concrete value"}}}}
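An added example, not part of the original post: a filter section to place between the input and output above. It assumes that the plain-string host field in the logged event ("host"=>"xx", alongside "port"=>36616) comes from the tcp input running in its legacy, non-ECS mode, and that the ngfw index already maps host as an object, which is what the mapper_parsing_exception reports; the string is moved under host.name so the document fits the existing object mapping.

```logstash
filter {
  # Constructed example, not the poster's config.
  # In legacy (non-ECS) mode the tcp input records the sending peer as a
  # plain string in "host" and its port in "port". The ngfw index maps
  # "host" as an object, so a string value at that path is rejected with
  # mapper_parsing_exception. mutate/rename removes the string and writes
  # it back under [host][name], turning "host" into an object that matches
  # the mapping. "port" is left alone: it does not clash with anything.
  mutate {
    rename => { "host" => "[host][name]" }
  }
}
```

The same ecs_compatibility setting used on the cef codec also exists on the tcp input; as far as I recall the plugin docs, in ECS mode it stops writing the peer address to a top-level host field, which would avoid the clash without a filter, but check the docs for the plugin version you run.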

See this post.
