The issue is that the User-Agent field is being populated with '\x__' characters, which is the default encoding for NGINX access logs, and, unfortunately, invalid JSON. If you are using a newer version of NGINX (>=1.11.8), then you can set escape=json
as an argument, which will supply a properly encoded version of the data.
See https://github.com/elastic/examples/tree/master/Common%20Data%20Formats/nginx_json_logs#warning-invalid-json for more details.