I have Filebeat configured with defender atp module and am seeing very few valid records coming into Elasticsearch. Most records contain the following
cannot access method/field [length] from a null def reference
Can anyone provide insight as to why I am seeing this?
Filebeat 7.17.0 Elasticsearch 8.8.0
Could this possibly due to strict json parsing being set to true by default?
strict_json_parsing
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.