GROK ASA Issues

Hey everyone,
I am a logstash/grok beginner and would love some help parsing my syslog from our ASA to create some tags. I have tried both the grok debugger on herokuapp and the dev tools in Kibana without luck. My syslog is:

%ASA-6-106100: access-list 100 denied udp outside/x.x.x.x(4500) -> inside/x.x.x.x(4500) hit-cnt 1 first hit [0x40c998bc, 0x00000000]

The custom file we are inputting is:

filter {
if [type] == "firewall" {
grok {
match => ["message", "%{CISCO_TAGGED_SYSLOG} %{GREEDYDATA:cisco_message}"]
}

  syslog_pri { }

}
}

We are receiving a _grokparsefailure using this as a base as well as adding:

 grok {
    match => ["cisco_message", "%{CISCOFW106100}"]
  }

Our hope is to have the following tags:
device_src: ASA-6-106100
Action: access-list 100 denied udp
OutsideIP:x.x.x.x(Outside IP)
OutsidePort:4500
InternalIP: x.x.x.x (Internal IP)
InternalPort:4500
HitCount: 1

Any and all help would be greatly appreciated!

input { generator { count => 1 lines => [ '%ASA-6-106100: access-list 100 denied udp outside/1.2.3.4(4500) -> inside/1.2.3.4(4500) hit-cnt 1 first hit [0x40c998bc, 0x00000000]' ] } }
filter {
    grok { match => { "message" => "%{CISCOFW106100}" } }
}

produces

"dst_interface" => "inside",
    "hit_count" => "1",
    "hashcode1" => "0x40c998bc",
     "src_port" => "4500",
    "policy_id" => "100",
    "hashcode2" => "0x00000000",
     "protocol" => "udp",
     "dst_port" => "4500",
       "action" => "denied",
"src_interface" => "outside",
     "interval" => "first hit",
       "dst_ip" => "1.2.3.4",
       "src_ip" => "1.2.3.4"

for me. You do not say what the incoming event looks like so I cannot speak to why the first grok might be failing.

Thank you so much! That populated the fields perfectly!