Kibana log error message "event.dataset cisco.asa failed to find message"

Dear people, I have an ELK 7.8.0 server running OK.

I've set up the Cisco ASA module in Filebeat and all the ASA logs are coming OK to my ELK server on port UDP/514. I can see the ASA logs in Discover and the SIEM Network tab.

But when I go to Kibana --> Observability --> Logs I see a lot of error messages:

But when I go to Kibana --> Discover, at cisco.asa error times I can't see any syslog message, so I think Kibana can't retrieve Cisco ASA logs at those times for any reason I don't know.
My cisco module is this:

  - module: cisco
    asa:
      enabled: true
      var.input: syslog
      var.syslog_host: 10.1.1.15
      var.syslog_port: 514
      var.log_level: 7

What can be the problem? Can you help me please?

Special thanks !!!

The same occurs with event.dataset equal to netflow.log:

Netflow data is received by Netflow module from Filebeat.

What can be the problem?

Thanks !!!

I add:

The Cisco and Netflow Filebeat modules put the data in the same filebeat index, and these are my filebeat indices from July:

Hi @robertitox,

Thanks for your message! This looks like a bug in Kibana. I have opened an issue in our GitHub.

Dear Alejandro, thanks a lot for your help.

I could see there is no message field in the incoming log, so a message failed error appears. So it's not a problem, is it?

Regards!!!
