Auditbeat's process module produces error in Kibana for field [process.created]

I am using auditbeat 7.5.2 (I also tried with autibeat 7.5.1). Auditbeat sends
data to logstash and logstash to elasticsearch.

This is how the beats input in logstash is configured:

input {
if 1 == 1 {
beats {
id => 'beat-input'
port => 5044
host => '192.168.1.4'
ssl => true
ssl_certificate => '/etc/logstash/certs/beat_input/logstash.crt'
ssl_certificate_authorities => '/etc/logstash/certs/beat_input/ca.crt'
ssl_key => '/etc/logstash/certs/beat_input/logstash.p8'
ssl_verify_mode => 'force_peer'
}
}
}

In auditbeat I have enabled the process module. When I go to kibana and search
for agent.type = auditbeat and event.module = process, then I receive an
error:

1 of 41 shards failed
Type: illegal_argument_exception
Reason: Field [process.created] of type [keyword] does not support custom formats

Some records do get returned. But none of them have a process.created field.
I also checked auditbeat's template that I have inserted into elasticsearch and
there is no such field there either.

How could I eliminate this error?

I am not doing any custom index field or template work. I am just using what is
already there. Am I doing sth wrong?

Is this a bug I should report?

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.