I have attempted to enable the SonicWall Filebeat module but it doesn't seem to support our logs fully.
I am running v7.9.2 and looked at enabling this through ingest manager in the Kibana GUI but that doesn't seem to be ready so have enabled the module on Filebeat. Data is coming in but most entries are getting tagged with dissect_parsing_error.
The result seems different depending on the original log message and what values it contains but I don't understand the pipeline files well enough to debug. If someone could point me at what to look at I will happily try to diagnose.
It looks like a lot of it is working and many of the fields are populated but how many depends on the original message. Some will get the source details extracted (source.ip, source.port, etc.) but fail to get the destination details. Others get no IP information and others get all.
Is there a way of determining what part of the log caused the dissect_parsing_error and where int he pipeline.js file that issue was?