I've tried searching for the value when I get status 400 and the exception and here's what it looks like, I've only removed the geoip output and the real outside ip
Looks like it's not the ASA but the 2901 Router causing it, maybe an ACL causing a packet to be malformed, don't know
Blockquote [2018-04-04T08:13:25,292][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"netflow-2018.04.03", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x54630c5d], :response=>{"index"=>{"_index"=>"netflow-2018.04.03", "_type"=>"doc", "_id"=>"JSWSjWIBuAdp7i0vaC-j", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [netflow.flow_start_msec]", "caused_by"=>{"type"=>"json_parse_exception", "reason"=>"Numeric value (14340042958798061568) out of range of long (-9223372036854775808 - 9223372036854775807)\n at [Source: org.elasticsearch.common.bytes.BytesReference$MarkSupportingStreamInputWrapper@66e2e84; line: 1, column: 309]"}}}}}
root# cat netflow.log | grep 14340042958798061568
Blockquote
{"syslog_severity":"notice","netflow":{"icmp_code":0,"flowset_id":257,"ipv4_dst_addr":"some_ip_address","ingress_acl_id":"00007d3b-59d07d3b-59b40000","egress_acl_id":"08b90000-00090002-0005c0a8","xlate_dst_addr_ipv4":"2.192.168.101","xlate_src_port":14784,"l4_dst_port":0,"flow_start_msec":14340042958798061568,"ipv4_src_addr":"0.0.0.0","flow_seq_num":3324889,"fw_ext_event":1536,"username":"Aˬe9\u0006\u0000\u0017e
+\u0000\u0000À¨Ç\u0006\u0018\u0011\u001B\u0001\u0000\u0000\u0000\u0000};%}:þÈ\u0000\u0000\u0003m\u0000\u0000\u0000\u0006\u0000\u0002\u0000\u0005À¨\u0006À¨e\u0006\u0006\u0002ñ¡#è\u0000\u0000À¨Ç","input_snmp":22992,"conn_id":403773953,"version":9,"protocol":0,"icmp_type":0,"xlate_src_addr_ipv4":"13.0.5.0","xlate_dst_port":43139,"event_time_msec":9595789153602158760,"fw_event":65,"l4_src_port":32059,"output_snmp":2387},"syslog_severity_code":5,"syslog_facility":"user-level","type":"netflow","tags":["netflow","Cisco 2901 Router","GeoIP-DST","_geoip_lookup_failure","netflow-message"],"host":"192.168.199.1","@timestamp":"2018-04-03T22:13:36.000Z","syslog_facility_code":1}