botelastic[bot]
commented
2 days ago This issue doesn't have a Team:<team> label.
Open novaksam opened 2 days ago
botelastic[bot]
commented
2 days ago This issue doesn't have a Team:<team> label.
I upgraded to filebeat 8.15.3 and observed that I was having errors generate in the output log. Closer inspection showed that the ingest pipeline was failing to parsing IPv6 addresses.
My example log had a callerIPAddress of
2603:1036:301:207e::5which was being picked up by the topmost grok parser, resulting infailed to parse field [source.ip] of type [ip] in document..."'2600' is not an IP string literal.\"errors.https://github.com/elastic/beats/blob/076ea50b314499ac91cc21c7f4d26be32c8cf901/x-pack/filebeat/module/azure/auditlogs/ingest/pipeline.yml#L91