i am using filebeat version 7.8.1
i got error saying
Provided Grok expressions do not match field value: [date=2020-04-23 time=12:17:45 devname=\"testswitch1\" devid=\"somerouterid\" logid=\"0317013312\" type=\"utm\" subtype=\"webfilter\" eventtype=\"ftgd_allow\" level=\"notice\" vd=\"root\" eventtime=1587230266314799756 tz=\"-0500\" policyid=38 sessionid=543234 user=\"elasticuser\" group=\"elasticgroup\" authserver=\"elasticauth\" srcip=192.168.2.1 srcport=65236 srcintf=\"port1\" srcintfrole=\"lan\" dstip=8.8.8.8 dstport=443 dstintf=\"wan1\" dstintfrole=\"wan\" proto=6 service=\"HTTPS\" hostname=\"elastic.co\" profile=\"elasticruleset\" action=\"passthrough\" reqtype=\"direct\" url=\"/\" sentbyte=3545 rcvdbyte=6812 direction=\"outgoing\" msg=\"URL belongs to an allowed category in policy\" method=\"domain\" cat=23 catdesc=\"Web-based Email\"]
original log as below
date=2020-04-23 time=12:17:45 devname="testswitch1" devid="somerouterid" logid="0317013312" type="utm" subtype="webfilter" eventtype="ftgd_allow" level="notice" vd="root" eventtime=1587230266314799756 tz="-0500" policyid=38 sessionid=543234 user="elasticuser" group="elasticgroup" authserver="elasticauth" srcip=192.168.2.1 srcport=65236 srcintf="port1" srcintfrole="lan" dstip=8.8.8.8 dstport=443 dstintf="wan1" dstintfrole="wan" proto=6 service="HTTPS" hostname="elastic.co" profile="elasticruleset" action="passthrough" reqtype="direct" url="/" sentbyte=3545 rcvdbyte=6812 direction="outgoing" msg="URL belongs to an allowed category in policy" method="domain" cat=23 catdesc="Web-based Email"