Filebeat Cisco module Nexus fileset dissect_parsing_error flag

Elastic Stack Beats
,
1

I'm trying to use Filebeat with Cisco module and Nexus fileset, but it seems like these logs aren't parsed properly.
In every document I see - dissect_parsing_error in log.flags.
It looks like that:

image
image1256×1202 86.3 KB

filebeat version

filebeat version 8.4.3 (amd64), libbeat 8.4.3 [c2f2aba479653563dbaabefe0f86f5579708ec94 built 2022-09-27 15:24:56 +0000 UTC]

cisco.yml module config:

nexus:
    enabled: true

    # Set which input to use between udp (default), tcp or file.
    var.input: udp
    var.syslog_host: 0.0.0.0
    var.syslog_port: 514

Cisco Nexus config:

image
image732×696 53.2 KB

I would say, it is very similar or the same issue as on closed topic here - Filebeat Cisco Module Nexus dissect_parsing_error

2

Hi @obol89 - we recently released an updated integration for Nexus events via Elastic Agent, which will likely resolve the parsing errors you're running into. It also includes improved ECS mappings and several dashboards. Are you in a position to use the Elastic Agent integration rather than the Filebeat module?

3

Hi @jamie.hynds,

Thank you for your reply.

Is there any chance these changes will be included in Filebeat Cisco module?

I prefer to use Filebeat, rather than Elastic Agent. We were doing tests with Elastic Agent, and it takes much more resources than Filebeat.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.