Filebeat Module: Fortinet 7.8

Hello,

We are seeing multiple iterations of the following error type in the Filebeat Module for Fortinet v 7.8.

When
sentbyte=1569241255 + sentpkt=2797855
and
rcvdpkt=2166884 + rcvddelta=6625355

are greater than long allows:

Value [15692412551409076086] is out of range for a long.

Network >> bytes is mapped to long in the default Filebeat index template.

rcvdbyte=1409076086 sentpkt=2797855 rcvdpkt=2166884 appcat=\"unscanned\" sentdelta=2544882 rcvddelta=6625355\n","service":{"type":"fortinet"},"tags":["manager","prod","fortinet-firewall"]}, Private:interface {}(nil), TimeSeries:false}, Flags:0x1, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=400): {"type":"mapper_parsing_exception","reason":"failed to parse field [network.bytes] of type [long] in document with id 'wFTCOHIBW130l4YLo6NU'. Preview of field's value: '15692412551409076086'","caused_by":{"type":"illegal_argument_exception","reason":"Value [15692412551409076086] is out of range for a long"}}"}

This seems to be a bug where both numbers are concatenated as strings. You can follow the issue here: https://github.com/elastic/beats/issues/18707
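The concatenation described in the reply above can be reproduced from the counters quoted in this thread; this is an added example, not code from the Fortinet module or from the linked issue. The rejected value is the digits of `sentbyte` followed by the digits of `rcvdbyte`; the function names and the choice of those two fields as the inputs to the total are assumptions made for illustration.

```javascript
// Added example: not the module's own pipeline code. Helper names are hypothetical.
const LONG_MAX = 9223372036854775807n; // upper bound of an Elasticsearch `long`

// Constructed sample: the counters quoted in the thread, trimmed to one line.
const SAMPLE = 'sentbyte=1569241255 rcvdbyte=1409076086 sentpkt=2797855 ' +
  'rcvdpkt=2166884 appcat="unscanned" sentdelta=2544882 rcvddelta=6625355';

// Parse Fortinet key=value pairs. Values stay strings, which is what a
// key/value split produces before any type conversion.
function parseKv(line) {
  const fields = {};
  const re = /(\w+)=("(?:[^"\\]|\\.)*"|\S+)/g;
  for (const m of line.matchAll(re)) {
    fields[m[1]] = m[2].replace(/^"|"$/g, '');
  }
  return fields;
}

// Failure mode: `+` on two strings joins their digits instead of adding them.
function totalBytesConcatenated(f) {
  return f.sentbyte + f.rcvdbyte;
}

// Does a decimal string fit the `long` mapping of network.bytes?
function fitsLong(digits) {
  return BigInt(digits) <= LONG_MAX;
}

// Corrected form: validate, convert to integers, add, then range-check.
function totalBytes(f) {
  for (const key of ['sentbyte', 'rcvdbyte']) {
    if (!/^\d+$/.test(f[key] ?? '')) {
      throw new TypeError(`${key} is missing or not an unsigned integer`);
    }
  }
  const sum = BigInt(f.sentbyte) + BigInt(f.rcvdbyte);
  if (sum > LONG_MAX) {
    throw new RangeError(`total ${sum} does not fit a long`);
  }
  return sum;
}

const fields = parseKv(SAMPLE);
console.log('concatenated:', totalBytesConcatenated(fields), 'fits long:', fitsLong(totalBytesConcatenated(fields)));
console.log('summed      :', totalBytes(fields).toString(), 'fits long:', fitsLong(totalBytes(fields).toString()));
```

Running the same comparison over rejected events is a quick way to confirm that a `mapper_parsing_exception` on `network.bytes` comes from this bug rather than from a genuinely oversized counter.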

Just need to finalize something then I will take a look at it and let you know how it goes.
