I'm trying to add an additional template to elasticsearch to parse the dns packetbeat. The template adds an additional package analysis field.
-XPUT HTTP://localhost:9200/_template/packetbeat-* -d@packetbeat-dns-template.json
result
{"acknowledged":true}
When you start a kiban and choose a strategy, it determines this field in the list
But in the future when you visualize and aggregate the records of the table of this field is not in the list.As I understand it, I need to check the aggregation check box, but how do I do this?