Provided expression do not match field value filebeat 8.15.0 fortinet module

I'm trying to analyze Fortinet FortiGate logs with the filebeat module "Fortinet". The only informations and solutions I found about this was Topics from 2019-2020 with a filebeat version 7.5 which was way too long ago.

I get the logs via syslog and send all the log into a specific file with rsyslog :

if ($fromhost-ip == '10.10.10.10') then {
    action(type="omfile" file="/var/log/fortinet.log")
    stop
}

And it works well.

In the Fortinet module I did :

- module: fortinet
  firewall:
    enabled: true
    var.input: "file"

    var.paths: ["/var/log/fortinet.log"]
    var.tags: [fortinet-firewall, forwarded]

Which is working, I have no issue with the service and no error is showing up.

The thing is that in the documentation, both the module and integration for elastic are saying :

image847×135 11.1 KB

Does anyone have an issue with the module and is there any modification needed to make this error disappear ?

Currently, I recieve the logs, the logs are treated by filebeat but he doesn't do anything he's not adding the data into the designated fields. He's just adding a "error.message" field with the sentence "Provided expression do not match field value".

image733×22 8.38 KB

just after there is the whole line of log which I'm not showing because of the information it contains

Hope someone can help.

I see that there has been a lot of questions about this like these ones : [Filebeat][Fortinet Module] Failed to parse field - Elastic Stack / Beats - Discuss the Elastic Stack
Filebeat Fortinet have error message - Elastic Stack / Beats - Discuss the Elastic Stack

They all are way out of date. So has there been any update on the module since then ?

And yes, I tried using the pattenrs they gave here [Filebeat Fortinet Module] Include more Grok Pattern · Issue #23246 · elastic/beats · GitHub

But it dit not work.