{ASK} Filebeat 6.2 prospector (document_type)

yrizal · February 27, 2018, 8:50am

ELK 5.6.8
Filebeat 6.2.1
I have question,
For filebeat 6.2.1 on the prospector -> document_type is still used or not

- field:
    tags:
      - SuricataIDPS
      - JSON
    document_type: suricataIDPS
  fields_under_root: true
  type: log
  paths:
    - /var/log/suricata/*/eve.json*

ruflin · March 2, 2018, 1:25am

document_type was removed in 6.0.

You can still set document_type inside fields if you want. It seems above you use field instead of fields.

Topic		Replies	Views
Document_type is being ignored Beats filebeat	5	4517	December 28, 2017
Upgrade 1.3.0 -> 5.6.4: deprecated document_type use fileds Beats filebeat	3	1707	December 11, 2017
Document Type in version 6.1.0 Logstash	2	1521	February 3, 2018
Filebeat set default document_type globally for all propectors? Beats	2	556	November 3, 2016
Filebeat 6.0.0 prospectors and fields Beats filebeat	3	689	January 4, 2018

{ASK} Filebeat 6.2 prospector (document_type)

Related topics