I am sure this is something silly, but I have been banging my head on this, I am trying to use the sonicwall module on filebeat 8.4
This is the sonicwall.yml:
# Module: sonicwall
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-sonicwall.html
- module: sonicwall
firewall:
enabled: true
# Set which input to use between udp (default), tcp or file.
var.input:
var.syslog_host:
- 10.100.100.121
var.syslog_port:
- 25514
# Set paths for the log files when file input is used.
# var.paths:
# Toggle output of non-ECS fields (default true).
# var.rsa_fields: true
# Set custom timezone offset.
# "local" (default) for system timezone.
# "+02:00" for GMT+02:00
#var.tz_offset: local
and this is the error I get:
Sep 30 12:02:59 TS-ELK01 filebeat[316482]: {"log.level":"error","@timestamp":"2022-09-30T12:02:59.882-0400","log.logger":"reload","log.origin":{"file.name":"cfgfile/list.go","file.line":109},"message":"Error creating runner from config: could not create module registry for filesets: error getting config for fileset sonicwall/firewall: Error interpreting the template of the input: template: text:1:6: executing \"text\" at <eq .input \"file\">: error calling eq: uncomparable type map[string]interface {}: map[var:map[syslog_host:[10.100.100.121] syslog_port:[25514]]]","service.name":"filebeat","ecs.version":"1.6.0"}
I have checked the yaml with yaml lint and it says it is valid, but I must be missing something here.
Does anyone else have any input to help me resolve this?