Filebeat Cisco module Nexus fileset dissect_parsing_error flag

obol89 · August 10, 2023, 10:27am

I'm trying to use Filebeat with Cisco module and Nexus fileset, but it seems like these logs aren't parsed properly.
In every document I see - dissect_parsing_error in log.flags.
It looks like that:

filebeat version

filebeat version 8.4.3 (amd64), libbeat 8.4.3 [c2f2aba479653563dbaabefe0f86f5579708ec94 built 2022-09-27 15:24:56 +0000 UTC]

cisco.yml module config:

nexus:
    enabled: true

    # Set which input to use between udp (default), tcp or file.
    var.input: udp
    var.syslog_host: 0.0.0.0
    var.syslog_port: 514

Cisco Nexus config:

I would say, it is very similar or the same issue as on closed topic here - Filebeat Cisco Module Nexus dissect_parsing_error

jamie.hynds · August 15, 2023, 10:01am

Hi @obol89 - we recently released an updated integration for Nexus events via Elastic Agent, which will likely resolve the parsing errors you're running into. It also includes improved ECS mappings and several dashboards. Are you in a position to use the Elastic Agent integration rather than the Filebeat module?

obol89 · August 15, 2023, 1:45pm

Hi @jamie.hynds,

Thank you for your reply.

Is there any chance these changes will be included in Filebeat Cisco module?

I prefer to use Filebeat, rather than Elastic Agent. We were doing tests with Elastic Agent, and it takes much more resources than Filebeat.

Topic		Replies	Views
Filebeat Cisco Module Nexus dissect_parsing_error Beats beats-module , filebeat	6	1412	May 6, 2021
Filebeat Cisco Modules for Nexus Beats beats-module , filebeat	1	443	October 24, 2023
Cisco module IOS error on parsing logs Beats filebeat	1	278	September 29, 2022
Filebeat Cisco Module to Logstash not working as expected Beats beats-module , filebeat	5	661	November 25, 2020
Filebeat Sonicwall module - dissect_parsing_error Beats	4	767	November 18, 2020

Filebeat Cisco module Nexus fileset dissect_parsing_error flag

Related topics