ELK 5.6.8
Filebeat 6.2.1
I have question,
For filebeat 6.2.1 on the prospector -> document_type is still used or not
- field:
tags:
- SuricataIDPS
- JSON
document_type: suricataIDPS
fields_under_root: true
type: log
paths:
- /var/log/suricata/*/eve.json*
document_type was removed in 6.0.
You can still set document_type inside fields if you want. It seems above you use field instead of fields.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.