fix dissect pattern to fit correctly

P1llus · P1llus · commit 9548236053ab · 2021-10-11T18:59:49.000+02:00
diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json
@@ -4296,11 +4296,28 @@
         "related.hosts": [
             "dev01"
         ],
+        "related.ip": [
+            "1.2.3.4"
+        ],
+        "related.user": [
+            "test_user"
+        ],
         "service.type": "cisco",
+        "source.address": "1.2.3.4",
+        "source.geo.city_name": "Moscow",
+        "source.geo.continent_name": "Europe",
+        "source.geo.country_iso_code": "RU",
+        "source.geo.country_name": "Russia",
+        "source.geo.location.lat": 55.7527,
+        "source.geo.location.lon": 37.6172,
+        "source.geo.region_iso_code": "RU-MOW",
+        "source.geo.region_name": "Moscow",
+        "source.ip": "1.2.3.4",
         "tags": [
             "cisco-asa",
             "forwarded"
-        ]
+        ],
+        "user.name": "test_user"
     },
     {
         "cisco.asa.destination_interface": "inside",
diff --git a/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml b/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml
@@ -656,7 +656,7 @@ processors:
       if: "ctx._temp_.cisco.message_id == '713049'"
       field: "message"
       description: "713049"
-      pattern: "Group = %{}, Username = %{user.name}, IP = %{source.address}, Security negotiation complete for LAN-to-LAN Group (%{}) %{}, Inbound SPI = %{}, Outbound SPI = %{}"
+      pattern: "Group = %{}, Username = %{user.name}, IP = %{source.address}, Security negotiation complete for User (%{}) %{}, Inbound SPI = %{}, Outbound SPI = %{}"
       ignore_failure: true
   - grok:
       if: "ctx._temp_.cisco.message_id == '716002'"
