Fortinet module `sentdelta` and `rcvddelta` field type is not number

hylowaker · September 26, 2025, 6:10am

In the Filebeat fortinet module, the fields fortinet.firewall.sentdelta and fortinet.firewall.rcvddelta are set as Keyword type.

I am not sure if it is intended or not, but I think these fields should be Long type to support aggregation.


      
          - name: sentdelta
            type: keyword
            description: >
              Sent bytes delta


      
          - name: rcvddelta
            type: keyword
            description: >
              Received bytes delta

leandrojmp · September 26, 2025, 1:31pm

Hello and welcome,

You will need to open an Issue on the Beats repository in Github, this one.

This was already fixed on the Elastic Agent integration, but the fix was not replicated to the Filebeat module for some reason.

Topic		Replies	Views
Filebeat Module: Fortinet 7.8 Beats	2	364	June 22, 2020
Filebeat Fortinet Firewall Module 7.15.1 Beats filebeat	1	297	November 16, 2021
Filebeat 7.2 netflow module and adding custom fields Beats filebeat	1	459	August 6, 2019
[Filebeat][Fortinet Module] Failed to parse field Beats filebeat	3	837	June 21, 2021
Filebeat: Fortinet Module not processing data as it should Beats filebeat	15	2076	June 3, 2021