Good morning,
I have syslog with special fields. These logs are being processed by Elastic-Agent (Filebeat). I created some extra fields in the datastream with numeric data type. These fields are being filled by a KV-processor in the ingest pipeline. All working well.
But after the creation of a new index through the ‘Lifecycle’ policy, the datatype had been changed to ‘keyword’ and aggregation fails.
What’s the problem here?
Thanks,
Herman