Default Cisco ASA dashboard not working via logstash

I am using Filebeat to send logs to ELK via Logstash, but I am not able to view the default dashboard or timestamp logs. At the same time, if I send all logs from Filebeat to Elastic directly, I can see the dashboard without any issues. Due to log ingest, I have to use the Logstash and Filebeat pipeline.

I would like to seek expert advice / help on how to fix this issue.

I am also getting a parsing error with the ASA-302013 syslog ID, as below.

[2020-10-29T04:59:04,490][WARN ][logstash.outputs.elasticsearch][asa][ae928988e10216717f523d6220b466c40c1d9e3b5f9aade72bf35eadd3cbc910] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"cisco-asa-2020.10.29", :routing=>nil, :_type=>"_doc", :pipeline=>"filebeat-7.9.3-cisco-asa-asa-ftd-pipeline"}, #LogStash::Event:0x5d0bdade], :response=>{"index"=>{"_index"=>"cisco-asa-2020.10.29", "_type"=>"_doc", "_id"=>"Rhq4cnUBrVYcZmTI_lt0", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse field [source.port] of type [long] in document with id 'Rhq4cnUBrVYcZmTI_lt0'. Preview of field's value: '25165(LOCAL\j1006851)'", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"For input string: "25165(LOCAL\j1006851)""}}}}}
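
The rejected value in the error above is a port number with an identity suffix, `25165(LOCAL\j1006851)`, which cannot be indexed into a field mapped as `long`. The following is an added example, not part of the original post and not Elastic's or Cisco's code: plain Ruby that splits such a token into a numeric port and a user before indexing. The token shape `<port>(<DOMAIN>\<user>)`, the function names, and the `*.user.name` / `*.user.domain` target fields are assumptions.

```ruby
# Added example. Assumption: a port token is "<port>", optionally followed by
# "(<DOMAIN>\<user>)", the shape of the value in the mapper_parsing_exception.
PORT_TOKEN = /\A(?<port>\d{1,5})(?:\((?<domain>[^\\()]+)\\(?<user>[^()]+)\))?\z/

# Returns { port: Integer, domain: String|nil, user: String|nil },
# or nil when the token cannot be turned into a valid TCP/UDP port.
def split_port_token(token)
  m = PORT_TOKEN.match(token.to_s.strip)
  return nil unless m

  port = m[:port].to_i
  return nil unless port.between?(0, 65_535)

  { port: port, domain: m[:domain], user: m[:user] }
end

# Takes a flat hash of event fields (hypothetical field names) and returns a
# copy in which port fields are integers and any identity suffix is moved to
# separate user fields. Unparseable ports are dropped and the event is tagged,
# so one bad token no longer causes the whole document to be rejected.
def normalize_ports(fields)
  out = fields.dup
  %w[source destination].each do |side|
    key = "#{side}.port"
    next unless out.key?(key)

    parsed = split_port_token(out[key])
    if parsed.nil?
      out.delete(key)
      out['tags'] = Array(out['tags']) + ["_#{side}_port_parse_failure"]
      next
    end
    out[key] = parsed[:port]
    out["#{side}.user.name"] = parsed[:user] if parsed[:user]
    out["#{side}.user.domain"] = parsed[:domain] if parsed[:domain]
  end
  out
end

# Sample input: the source port is the value from the error above,
# the destination port is constructed.
SAMPLE = { 'source.port' => '25165(LOCAL\j1006851)', 'destination.port' => '443' }.freeze

puts normalize_ports(SAMPLE).inspect if $PROGRAM_NAME == __FILE__
```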
