Closed whataboutpereira closed 4 years ago
Hello @whataboutpereira! Yes, that was an error indeed. I don't know how to delete it, though.
I found the root cause. (I really hope no one will have to deal with it).
It turns out that logid=0100032546 causes a parser error. The msg field on this log is way too long. It seems that the issue is on the Logstash side, but we are still debugging. After a certain length, all the remaining value of msg continues being evaluated as key/value, but it is actually part of the value of msg.
This logid refers to an application crash message. It is only happening on one (out of 100s) firewall, so I guess it might be a bug.
We have updated the drop pipeline, so it can filter out these weird fields caused by logid=0100032546.
Closed on #7.
Hello! I'm looking at an odd field in the index patterns for ecs-fortigate-* -
Technology\"cat
I can only suspect it's erroneous. :)
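An added sketch, not code from this repository or from Logstash: it shows how a key/value split can turn the tail of a long msg value into a field name such as `Technology\"cat`, and how a field-name check in the spirit of the drop pipeline rejects it. The thread does not establish the exact trigger; the sample line, the escaped-quote cause, the regexes and the function names are all assumptions made for illustration.

```python
import re

# Constructed sample (not taken from the thread): msg contains escaped quotes.
SAMPLE = (
    'logid="0100032546" type="event" '
    'msg="Application crashed: \\"Information Technology\\"cat=52 pid=101" '
    'vd="root"'
)

# Naive split: a quoted value ends at the first double quote, escaped or not.
NAIVE = re.compile(r'(\S+)=("[^"]*"|\S+)')
# Quote-aware split: backslash escapes are consumed inside the quoted value.
AWARE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')
# Assumed shape of a legitimate field name: lowercase letters, digits, underscore.
VALID_KEY = re.compile(r'^[a-z][a-z0-9_]*$')


def parse_naive(line):
    """Key/value split that does not understand escaped quotes."""
    return {k: v.strip('"') for k, v in NAIVE.findall(line)}


def parse_aware(line):
    """Key/value split that keeps escaped quotes inside the value."""
    event = {}
    for key, quoted, bare in AWARE.findall(line):
        event[key] = quoted.replace('\\"', '"') if quoted else bare
    return event


def drop_bogus_fields(event):
    """Split an event into (clean fields, rejected field names)."""
    clean = {k: v for k, v in event.items() if VALID_KEY.match(k)}
    rejected = sorted(k for k in event if k not in clean)
    return clean, rejected


if __name__ == "__main__":
    for name, parser in (("naive", parse_naive), ("aware", parse_aware)):
        clean, rejected = drop_bogus_fields(parser(SAMPLE))
        print(name, "kept:", sorted(clean), "rejected:", rejected)
```

Filtering by field name removes the stray key, but in the naive result msg is still cut short and a `pid` field lifted out of the message text survives the filter, so the name check contains the index-pattern pollution without repairing the event.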