{ASK} Filebeat 6.2 prospector (document_type)

yrizal · February 27, 2018, 8:50am

ELK 5.6.8
Filebeat 6.2.1
I have question,
For filebeat 6.2.1 on the prospector -> document_type is still used or not

- field:
    tags:
      - SuricataIDPS
      - JSON
    document_type: suricataIDPS
  fields_under_root: true
  type: log
  paths:
    - /var/log/suricata/*/eve.json*

ruflin · March 2, 2018, 1:25am

document_type was removed in 6.0.

You can still set document_type inside fields if you want. It seems above you use field instead of fields.

system · March 30, 2018, 1:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Upgrade 1.3.0 -> 5.6.4: deprecated document_type use fileds Beats filebeat	3	1674	December 11, 2017
Filebeat set default document_type globally for all propectors? Beats	2	535	November 3, 2016
Filebeat 6.0.0 prospectors and fields Beats filebeat	3	658	January 4, 2018
Recommended way of telling Logstash type of logs Beats filebeat	2	806	February 8, 2018
Document Type in version 6.1.0 Logstash	2	1496	February 3, 2018

{ASK} Filebeat 6.2 prospector (document_type)

Related topics