Filebeat 7.6.0 - AWS VPC Flowlogs - Parser Exception

Trying to use the new S3 input to read VPC flow logs, I am getting the following error. Any help would be appreciated. This is from the Kibana logs.

[2020-03-05T20:32:04,069][DEBUG][o.e.a.b.TransportShardBulkAction] [node-1] [filebeat-7.6.0-2020.03.03-000001][0] failed to execute bulk item (create) index {[filebeat-7.6.0][_doc][pJJlrHABojeKMrLM5RTQ], source[{"container":{"id":"vpcflowlogs"},"agent":{"hostname":"ip-10-xxx-163-xx","id":"99c84ddd-4343-4e30-b9ad-2415e05304aa","type":"filebeat","ephemeral_id":"72961c6d-d4e3-4789-85d3-f663b1136a65","version":"7.6.0"},"log":{"file.path":"https://xxx-xxxxxx-dev-xxx-vpc-flowlogs.s3-us-east-1.amazonaws.com/AWSLogs/144846870225/vpcflowlogs/us-east-1/2020/03/05/144846870225_vpcflowlogs_us-east-1_fl-0cdf25e42e41d1201_20200305T1915Z_1f2fb820.log.gz","offset":40126},"fileset":{"name":"vpcflow"},"cloud":{"provider":"aws","region":"us-east-1"},"input":{"type":"s3"},"@timestamp":"1970-01-01T00:00:22.000Z","ecs":{"version":"1.4.0"},"service":{"type":"aws"},"host":{"hostname":"ip-10-252-xxx-xx","os":{"kernel":"4.14.165-103.209.amzn1.x86_64","name":"Amazon Linux AMI","family":"redhat","version":"2018.03","platform":"amzn"},"containerized":false,"name":"ip-10-252-xxx-91","id":"50ae63b7bdf78fea01aaa12c5d9e344e","architecture":"x86_64"},"aws":{"s3":{"bucket":{"name":"xxx-xxxx-dev-inf-vpc-flowlogs","arn":"arn:aws:s3:::xxx-xxxxx-xxx-xxx-vpc-flowlogs"},"object.key":"AWSLogs/144846870225/vpcflowlogs/us-east-1/2020/03/05/144846870225_vpcflowlogs_us-east-1_fl-0cdf25e42e41d1201_20200305T1915Z_1f2fb820.log.gz"},"vpcflow":{"vpc_id":"144846870225","pkt_srcaddr":"1583435796","type":"37138","version":"3","interface_id":"10.252.163.8","instance_id":"10.252.164.136","log_status":"-\n","account_id":"5432","tcp_flags":"10.2xx.xxx.8","action":"10.252.164.136","subnet_id":"eni-004f12ff6e18bff75","pkt_dstaddr":"ACCEPT"}},"event":{"original":"3 144846870225 eni-004f12ff6e18bff75 10.252.164.136 10.252.1xx.xx 5432 37138 6 25 9597 1583435556 1583435796 ACCEPT OK vpc-7de6321b IPv4 subnet-63f1654e 22 10.xx2.xx4.xx6 10.252.163.8 
-\n","module":"aws","end":"1970-01-01T00:00:22.000Z","type":"flow","category":"network_traffic","dataset":"aws.vpcflow"}}]}
org.elasticsearch.index.mapper.MapperParsingException: failed to parse field [aws.vpcflow.pkt_srcaddr] of type [ip] in document with id 'pJJlrHABojeKMrLM5RTQ'. Preview of field's value: '1583435796'
at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:306) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:488) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseValue(DocumentParser.java:614) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.innerParseObject(DocumentParser.java:427) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrNested(DocumentParser.java:395) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:485) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:505) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.innerParseObject(DocumentParser.java:418) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrNested(DocumentParser.java:395) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:485) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:505) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.innerParseObject(DocumentParser.java:418) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrNested(DocumentParser.java:395) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.internalParseDocument(DocumentParser.java:112) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentParser.parseDocument(DocumentParser.java:71) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:267) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.shard.IndexShard.prepareIndex(IndexShard.java:793) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.shard.IndexShard.applyIndexOperation(IndexShard.java:770) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.shard.IndexShard.applyIndexOperationOnPrimary(IndexShard.java:742) ~[elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.executeBulkItemRequest(TransportShardBulkAction.java:254) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction$2.doRun(TransportShardBulkAction.java:157) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.performOnPrimary(TransportShardBulkAction.java:189) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:114) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:81) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryShardReference.perform(TransportReplicationAction.java:895) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.support.replication.ReplicationOperation.execute(ReplicationOperation.java:109) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.runWithPrimaryShardReference(TransportReplicationAction.java:374) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.lambda$doRun$0(TransportReplicationAction.java:297) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.shard.IndexShard.lambda$wrapPrimaryOperationPermitListener$24(IndexShard.java:2791) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.ActionListener$3.onResponse(ActionListener.java:113) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.shard.IndexShardOperationPermits.acquire(IndexShardOperationPermits.java:285) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.shard.IndexShardOperationPermits.acquire(IndexShardOperationPermits.java:237) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.index.shard.IndexShard.acquirePrimaryOperationPermit(IndexShard.java:2765) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction.acquirePrimaryOperationPermit(TransportReplicationAction.java:836) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.doRun(TransportReplicationAction.java:293) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.action.support.replication.TransportReplicationAction.handlePrimaryRequest(TransportReplicationAction.java:256) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler$1.doRun(SecurityServerTransportInterceptor.java:257) [x-pack-security-7.6.0.jar:7.6.0]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler.messageReceived(SecurityServerTransportInterceptor.java:315) [x-pack-security-7.6.0.jar:7.6.0]
at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:63) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.transport.TransportService$7.doRun(TransportService.java:750) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:692) [elasticsearch-7.6.0.jar:7.6.0]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.6.0.jar:7.6.0]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:830) [?:?]
Caused by: java.lang.IllegalArgumentException: '1583435796' is not an IP string literal.
at org.elasticsearch.common.network.InetAddresses.forString(InetAddresses.java:335) ~[elasticsearch-7.6.0.jar:7.6.0]
