Hello there,
Our SonicWall generates this message:
<110> id=yyyy sn=C0EAE4F9FB00 time="2021-03-24 14:35:31 UTC" fw=xx.xx.xx.xx pri=6 c=262144 m=98 msg="Connection Opened" app=49177 appName="General HTTPS" n=218510470 src=xx.xx.xx.xx:55329:X22-V2100 dst=xx.xx.xx.xx:443:X20 proto=tcp/https sent=52
and the parser does this:
observer.ingress.interface.name: X22-V2100 dst=xx.xx.xx.xx:443:X20 proto=tcp/https sent=52
By doing that, we lose the destination, proto and sent fields.
We are using Filebeat 7.11.2.
Do you have any ideas on this? Is this a bug? How do we report it?
Thanks,
Rodrigo.
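
An added example (not part of the original post, and not Filebeat's own parser): a stand-alone Python check showing the fields the message above should yield when the interface name in `src=` ends at the first space, plus a test for the overrun seen in `observer.ingress.interface.name`. The addresses are constructed documentation-range values replacing the redacted ones, the ECS target names other than `observer.ingress.interface.name` are an assumed mapping, and all function names are hypothetical.

```python
import re

# Constructed sample: the post's message with documentation-range addresses
# substituted for the redacted xx.xx.xx.xx values.
SAMPLE = (
    '<110> id=yyyy sn=C0EAE4F9FB00 time="2021-03-24 14:35:31 UTC" fw=192.0.2.1 '
    'pri=6 c=262144 m=98 msg="Connection Opened" app=49177 appName="General HTTPS" '
    'n=218510470 src=198.51.100.7:55329:X22-V2100 dst=203.0.113.9:443:X20 '
    'proto=tcp/https sent=52'
)

# key=value at the start of a token; the value is either a double-quoted
# string or a run of non-whitespace, so it can never swallow the next key.
PAIR = re.compile(r'(?<!\S)(\w+)=(?:"([^"]*)"|(\S*))')

def parse_kv(line):
    """Return the raw key/value pairs of a SonicWall-style syslog line."""
    return {m[1]: m[2] if m[2] is not None else m[3] for m in PAIR.finditer(line)}

def split_endpoint(value):
    """Split 'ip:port:interface' (IPv4 assumed); missing parts become None."""
    parts = value.split(":") + [None, None]
    ip, port, iface = parts[0], parts[1], parts[2]
    return ip, int(port) if port and port.isdigit() else None, iface or None

def to_ecs(line):
    """Map src/dst/proto/sent to ECS-style names (assumed mapping)."""
    kv, doc = parse_kv(line), {}
    for key, side, direction in (("src", "source", "ingress"),
                                 ("dst", "destination", "egress")):
        if key in kv:
            ip, port, iface = split_endpoint(kv[key])
            doc[f"{side}.ip"], doc[f"{side}.port"] = ip, port
            doc[f"observer.{direction}.interface.name"] = iface
    if "proto" in kv:
        transport, _, app = kv["proto"].partition("/")
        doc["network.transport"], doc["network.protocol"] = transport, app or None
    if kv.get("sent", "").isdigit():
        doc["source.bytes"] = int(kv["sent"])  # assumption: sent = bytes from source
    return doc

def looks_overrun(interface_name):
    """True when an interface value contains whitespace or '=', i.e. it absorbed later fields."""
    return bool(re.search(r"[\s=]", interface_name))

if __name__ == "__main__":
    for field, value in to_ecs(SAMPLE).items():
        print(f"{field}: {value}")
```

Running `looks_overrun` over the `observer.ingress.interface.name` values of already-indexed events identifies documents where the destination, protocol and byte count ended up inside the interface name.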