Skip to content

[Cisco ASA]: Pipeline processor parse_315011 doesn't work if interface contains '-' character #15222

New issue
New issue
Closed
#15242
Closed
[Cisco ASA]: Pipeline processor parse_315011 doesn't work if interface contains '-' character#15222
#15242
Assignees
bhapas
Labels
Integration:cisco_asaCisco ASATeam:Integration-ExperienceSecurity Integrations Integration Experience [elastic/integration-experience]bugSomething isn't working, use only for issues
@tanja-milicic

Description

@tanja-milicic
tanja-milicic
opened on Sep 8, 2025

Integration Name

Cisco ASA [cisco_asa]

Dataset Name

No response

Integration Version

2.43.7

Agent Version

9.1.2

Agent Output Type

elasticsearch

Elasticsearch Version

9.1.2

OS Version and Architecture

N/A

Software/API Version

No response

Error Message

Provided Grok expressions do not match field value

Event Original

SSH session from 69.153.86.65 on interface test-interface for user "monitor" terminated normally

What did you do?

Using default pipeline

What did you see?

Provided Grok expressions do not match field value: [SSH session from 69.153.86.65 on interface test-interface for user "monitor" terminated normally]

What did you expect to see?

Successfully parsed event

Anything else?

Using %{NOTSPACE:_temp_.cisco.source_interface} or (?<_temp_.cisco.source_interface>[\w-]+) instead of %{WORD:_temp_.cisco.source_interface} works.

Metadata

Metadata

Assignees

Labels

Integration:cisco_asaCisco ASATeam:Integration-ExperienceSecurity Integrations Integration Experience [elastic/integration-experience]bugSomething isn't working, use only for issues

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions