Hello,
I am struggling to get a very basic ElasticStack / filebeat setup running.
Everything was ok while I was using 7.8.1, but since I upgraded to 7.9.0 the Beats have been creating conflicts in my indexes.
It's only a handful of them, but what I am seeing from Kibana compared to what I see on ECS field reference is different, and I don't understand why.
Typically, this is one of the 4 conflicts I've been stuck with for a while:
| Type | Index names |
|---|---|
| ip | filebeat-7.8.1-2020.09.02 |
| text | filebeat-7.9.0-2020.08.19, filebeat-7.9.0-2020.08.20, filebeat-7.9.0-2020.08.21, filebeat-7.9.0-2020.08.22, filebeat-7.9.0-2020.08.23, filebeat-7.9.0-2020.08.25, filebeat-7.9.0-2020.08.26, filebeat-7.9.0-2020.08.27, filebeat-7.9.0-2020.08.28, filebeat-7.9.0-2020.08.29, filebeat-7.9.0-2020.08.30, filebeat-7.9.0-2020.08.31, filebeat-7.9.0-2020.09.01, filebeat-7.9.0-2020.09.02 |
According to ECS, source.ip should be ip type, yet all 7.9.0 are returning text.
What am I missing here?