I have Filebeat configured with defender atp module and am seeing very few valid records coming into Elasticsearch. Most records contain the following
cannot access method/field [length] from a null def reference
Can anyone provide insight as to why I am seeing this?
Filebeat 7.17.0
Elasticsearch 8.8.0
Could this possibly due to strict json parsing being set to true by default?
strict_json_parsing
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.