Provided expression do not match field value filebeat 8.15.0 fortinet module

I'm trying to analyze Fortinet FortiGate logs with the Filebeat module "Fortinet". The only information and solutions I found about this were topics from 2019-2020 with Filebeat version 7.5, which was way too long ago.

I get the logs via syslog and send all the logs into a specific file with rsyslog:

if ($fromhost-ip == '10.10.10.10') then {
    action(type="omfile" file="/var/log/fortinet.log")
    stop
}

And it works well.

In the Fortinet module I did:

- module: fortinet
  firewall:
    enabled: true
    var.input: "file"

    var.paths: ["/var/log/fortinet.log"]
    var.tags: [fortinet-firewall, forwarded]

Which is working; I have no issue with the service and no error is showing up.

The thing is that in the documentation, both the module and the integration for Elastic are saying:


But my FortiGate is on version 7.2.x.

Does anyone have an issue with the module, and is there any modification needed to make this error disappear?

Currently, I receive the logs and the logs are treated by Filebeat, but it doesn't do anything; it's not adding the data into the designated fields. It's just adding an "error.message" field with the sentence "Provided expression do not match field value".

Just after that there is the whole log line, which I'm not showing because of the information it contains.

Hope someone can help.

I see that there have been a lot of questions about this, like these ones:

[Filebeat][Fortinet Module] Failed to parse field - Elastic Stack / Beats - Discuss the Elastic Stack

Filebeat Fortinet have error message - Elastic Stack / Beats - Discuss the Elastic Stack

They are all way out of date. So has there been any update on the module since then?

And yes, I tried using the patterns they gave here: [Filebeat Fortinet Module] Include more Grok Pattern · Issue #23246 · elastic/beats · GitHub

But it did not work.