Hi Jochen,
I don’t wanna be rude, and I hope it will not sound like I’m rude.
But here is the thing: this is the 2nd time you are replying to me that a workaround is Logstash. I know that works till the Logstash server crashes or something happens to it.
But then again, if I wanted to extensively use Logstash for feeding Graylog I wouldn’t use Graylog at all, I would use ELK, right? Because if I would run Logstash, it’s better to run it with Kibana and not Graylog.
I understand that Graylog is free, and with free support I really appreciate this, but the thing is that if you put a plugin in Graylog and you say it should work, then it should work. I also understand that no vendor wants to work too much with the Graylog team, because they can’t really partner with you for “money” reasons; they often choose to partner with those who sell products to create more money. This is how the industry works.
Anyway, if you can’t fix that NetFlow plugin that is OK, but if the Graylog team would manage to fix it, or somebody else, it would be really nice.
More than this, it seems I’m not the only one who complained about the NetFlow issue when ASA sends the NetFlow logs…
You can find the pcap link here: https://drive.google.com/file/d/1lBE54ACuIlyYNAWARBhJA7AVsNXA7lc2/view?usp=sharing
Thanks,
Marius.