Integration errors with netflow.log data

[IanLee1521]

Hi there --

I've been using the Netflow integration for some time now, but tonight I was poking around my instance and noticed that there were a massive number of errors on those logs, of the form: array in field [source.ip] should only contain strings

Looking at the logs, it appears this is happening on all of the log messages, and further, it would seem that an IP of 1.2.3.4 is getting parsed (for all the fields) like:
 

[0.0.0.1, 0.0.0.2, 0.0.0.3, 0.0.0.4]

I confirmed I'm running the latest netflow integration (2.18.0), and looking at when this happened, it started (flipped a switch) on April 22. Not sure if that was the time of an integration update, or perhaps something that changed on the netflow sending side in our environment, I'm tracking that angle too, but wanted to point this out since everything else about the documents seems to look OK.

[IanLee1521]

I don't see that this integration has the ability to capture the event.original otherwise I would try to submit that with this ticket as well.

[elasticmachine]

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

[qcorporation]

@IanLee1521 thank you for logging the issue, the issue should be fixed with this code change: elastic/beats#38780

v8.13.2 has this problem, @IanLee1521 you'll have to update either to 8.13.3+ or 8.14 or 8.15
Marking this as closed - please reopen if you find this is not fixed.