I am a new user of all of this, and I believe I have it set up correctly, but I am seeing some strange results.
I have the latest version of filebeat installed, and have the cisco and netflow modules enabled. I have the cisco module receiving syslog messages from my asa on the correct port, and the netflow module receiving netflow messages on the correct port. But when I look at the ASA dashboard, there is no netflow data displayed at all.
If I look in the SIEM section, I can see that there are thousands of netflow_events being logged, but if I open the "Filebeat" section under "Network Events," it shows CISCO events = 544, but no Netflow events.
Did I miss a step? I did run Filebeat with debugging turned on, and for the first minute or so it complains about missing templates, but then that clears once the ASA sends a template out (I have it set to do so every minute). If I look at "discover" under the Kibana section, I can see all of the netflow events:
What am I doing wrong? Why doesn't the ASA Dashboard show any NetFlow data?