I'm hoping this is posted in the correct place. I believe the AWS mappings in the Fleet Integration are missing a mapping for event.created. I am ingesting Cloudtrail logs via Fleet and I'm getting errors stating the field has been stored as a Keyword.
If I check the Mappings in the Index Template I can't see a mapping for the event.created field, where if I check Azure (which I also have working), it does define event.created as a data.
As both Azure and AWS go in to the logs-* index pattern it causes a conflict.
As shown below, the aws.cloudtrail dataset on Elastic 7.14.1 (current as of typing) has an error for event.created.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
