Kibana log error message "event.dataset cisco.asa failed to find message"

robertitox · July 6, 2020, 3:58pm

Dear people, I have an ELK 7.8.0 server running OK.

I've setup the Cisco ASA module in filebeat and all the ASA logs are coming OK to my ELK server on port UDP/514. I can see the ASA lohgs in Discover and SIEM Netwotk tab.

But when I go to Kibana --> Observavility --> Logs I see a lot of error messages:

But when I go to Kibana --> Discover, at cisco.asa error times I can't see any syslog message, so I think Kibana can't retrieve Cisco ASA logs at those times for any reason I don't know.
My cisco module is this:

module: cisco
asa:
enabled: true
var.input: syslog
var.syslog_host: 10.1.1.15
var.syslog_port: 514
var.log_level: 7

What can be the problem? Can you help me please?

Special thanks !!!

robertitox · July 7, 2020, 12:40am

The same occurs with event.dataset equal to netflow.log:

Netflow data is received by Netflow module from Filebeat.

How can be the problem?

Thanks !!!

robertitox · July 7, 2020, 3:00pm

I add:

Cisco and Netflow' Filebeat modules put the data in the same filebeat index,and these are my filebeat indices from July:

afgomez · July 16, 2020, 3:03pm

Hi @robertitox,

Thanks for your message! This looks like a bug in Kibana. I have opened an issue in our github.

robertitox · July 17, 2020, 1:34pm

Dear Alejandro, thanks a lot for your help.

I could see there is no message field in the incoming log, so a message failed error appears. So it's not an problem, isn't it?

Regards!!!

system · August 14, 2020, 1:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.