How to figure out the cause of a field type conflict

I can think of a processing pipeline rule that checks whether the field dst_port is not a number and then renames it, or writes a debug log entry to the Graylog server.log that contains the message source (and then deletes the message).

Something like the following (this is untested!):

rule "dst_port_not_long"
when
    // only act on messages that carry the field at all
    has_field("dst_port") AND
    // to_long() returns its default (0) when the value cannot be parsed as a number
    to_long($message.dst_port) == 0
then
    // move the non-numeric value out of the way so it no longer conflicts with the long-typed dst_port
    rename_field("dst_port", "dst_port_nn")
end
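The second variant described in the reply, logging the offending message's source to server.log and then dropping the message, as an added example that is not part of the original post. It uses the Graylog pipeline functions `has_field`, `to_string`, `regex`, `concat`, `debug` and `drop_message`; the rule name, the strict digits-only regex and the log text are assumptions for illustration. Unlike a `to_long(...) == 0` check, the regex test does not match a genuine port 0, so only values that really cannot be a long are reported.

```graylog
// Assumed example rule (not from the original post): find messages whose
// dst_port is not purely numeric, log where they come from, then drop them.
rule "dst_port_conflict_debug"
when
    has_field("dst_port") AND
    // to_string() normalises whatever type the field currently has;
    // the regex only matches an unsigned integer, so "22" passes and "ssh" does not
    NOT regex("^[0-9]+$", to_string($message.dst_port)).matches
then
    // concat() takes exactly two arguments, hence the nesting.
    // debug() writes "PIPELINE DEBUG: <text>" at INFO level to graylog server.log
    debug(concat(
        concat("dst_port is not numeric, source=", to_string($message.source)),
        concat(", dst_port=", to_string($message.dst_port))
    ));
    // drop the message so the conflicting value never reaches the index
    drop_message();
end
```

Attach the rule to a pipeline stage connected to the affected stream and watch server.log for the `PIPELINE DEBUG` lines; once the misbehaving input or extractor is identified, remove the `drop_message()` call (or the whole rule) so legitimate traffic is not discarded.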