filebeat/panw: ingest fails with date parsing error when ingested via logstash #33829

efd6 · 2022-11-27T20:32:46Z

The PANW PANOS module ingest fails with a date parsing error during mapping when the documents have been sent via a logstash-containing path when logstash is 8.x. This appears to be due to logstash by default setting ecs_compatibility to true. This results in event.original being populated and to the ingest pipeline failing before the non-conforming date has been converted, resulting a the ingest failure being noted as being caused by the date format error.

The text was updated successfully, but these errors were encountered:

elasticmachine · 2022-11-27T20:50:45Z

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Nov 27, 2022

efd6 added the Team:Security-External Integrations label Nov 27, 2022

botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Nov 27, 2022

efd6 added the bug label Nov 27, 2022

efd6 mentioned this issue Nov 27, 2022

x-pack/filebeat/module/panw: work around already set event.original field #33830

Merged

6 tasks

efd6 closed this as completed in #33830 Dec 5, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

filebeat/panw: ingest fails with date parsing error when ingested via logstash #33829

filebeat/panw: ingest fails with date parsing error when ingested via logstash #33829

efd6 commented Nov 27, 2022

elasticmachine commented Nov 27, 2022

filebeat/panw: ingest fails with date parsing error when ingested via logstash #33829

filebeat/panw: ingest fails with date parsing error when ingested via logstash #33829

Comments

efd6 commented Nov 27, 2022

elasticmachine commented Nov 27, 2022