Hello everyone. After installing Elastic on a new VM, I noticed that several fields do not appear when I use the Discover feature; the field that is missing is “destination.port”. Has anyone experienced this, and how can I solve this problem? Thanks in advance.
Can you share the index mapping?
GET index_name
I'm sorry, I'm new to Elasticsearch. There are many index names; which index name should I "GET"?
Create whichever index you need to use. Does your data source have a field called destination.port?
Sorry, I understand now. After I looked up the index that I use, this is what it returned:
{
".ds-logs-nginx.access-default-2025.01.08-000001": {
"aliases": {},
"mappings": {
"_meta": {
"managed_by": "fleet",
"managed": true,
"package": {
"name": "nginx"
}
},
"_data_stream_timestamp": {
"enabled": true
},
"dynamic_templates": [
{
"ecs_timestamp": {
"match": "@timestamp",
"mapping": {
"ignore_malformed": false,
"type": "date"
}
}
},
{
"ecs_message_match_only_text": {
"path_match": [
"message",
"*.message"
],
"unmatch_mapping_type": "object",
"mapping": {
"type": "match_only_text"
}
}
},
{
"ecs_non_indexed_keyword": {
"path_match": "*event.original",
"mapping": {
"doc_values": false,
"index": false,
"type": "keyword"
}
}
},
{
"ecs_non_indexed_long": {
"path_match": "*.x509.public_key_exponent",
"mapping": {
"doc_values": false,
"index": false,
"type": "long"
}
}
},
{
"ecs_ip": {
"path_match": [
"ip",
"*.ip",
"*_ip"
],
"match_mapping_type": "string",
"mapping": {
"type": "ip"
}
}
},
{
"ecs_wildcard": {
"path_match": [
"*.io.text",
"*.message_id",
"*registry.data.strings",
"*url.path"
],
"unmatch_mapping_type": "object",
"mapping": {
"type": "wildcard"
}
}
},
{
"ecs_path_match_wildcard_and_match_only_text": {
"path_match": [
"*.body.content",
"*url.full",
"*url.original"
],
"unmatch_mapping_type": "object",
"mapping": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"type": "wildcard"
}
}
},
{
"ecs_match_wildcard_and_match_only_text": {
"match": [
"*command_line",
"*stack_trace"
],
"unmatch_mapping_type": "object",
"mapping": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"type": "wildcard"
}
}
},
{
"ecs_path_match_keyword_and_match_only_text": {
"path_match": [
"*.title",
"*.executable",
"*.name",
"*.working_directory",
"*.full_name",
"*file.path",
"*file.target_path",
"*os.full",
"*email.subject",
"*vulnerability.description",
"*user_agent.original"
],
"unmatch_mapping_type": "object",
"mapping": {
"fields": {
"text": {
"type": "match_only_text"
}
},
"type": "keyword"
}
}
},
{
"ecs_date": {
"path_match": [
"*.timestamp",
"*_timestamp",
"*.not_after",
"*.not_before",
"*.accessed",
"created",
"*.created",
"*.installed",
"*.creation_date",
"*.ctime",
"*.mtime",
"ingested",
"*.ingested",
"*.start",
"*.end",
"*.indicator.first_seen",
"*.indicator.last_seen",
"*.indicator.modified_at",
"*threat.enrichments.matched.occurred"
],
"unmatch_mapping_type": "object",
"mapping": {
"type": "date"
}
}
},
{
"ecs_path_match_float": {
"path_match": [
"*.score.*",
"*_score*"
],
"path_unmatch": "*.version",
"unmatch_mapping_type": "object",
"mapping": {
"type": "float"
}
}
},
{
"ecs_usage_double_scaled_float": {
"path_match": "*.usage",
"match_mapping_type": [
"double",
"long",
"string"
],
"mapping": {
"scaling_factor": 1000,
"type": "scaled_float"
}
}
},
{
"ecs_geo_point": {
"path_match": "*.geo.location",
"mapping": {
"type": "geo_point"
}
}
},
{
"ecs_flattened": {
"path_match": [
"*structured_data",
"*exports",
"*imports"
],
"match_mapping_type": "object",
"mapping": {
"type": "flattened"
}
}
},
{
"all_strings_to_keywords": {
"match_mapping_type": "string",
"mapping": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
{
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
],
"date_detection": false,
"properties": {
"@timestamp": {
"type": "date",
"ignore_malformed": false
},
"_tmp": {
"type": "object"
},
"agent": {
"properties": {
"ephemeral_id": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"cloud": {
"properties": {
"image": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"data_stream": {
"properties": {
"dataset": {
"type": "constant_keyword",
"value": "nginx.access"
},
"namespace": {
"type": "constant_keyword",
"value": "default"
},
"type": {
"type": "constant_keyword",
"value": "logs"
}
}
},
"ecs": {
"properties": {
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"elastic_agent": {
"properties": {
"id": {
"type": "keyword",
"ignore_above": 1024
},
"snapshot": {
"type": "boolean"
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"error": {
"properties": {
"message": {
"type": "match_only_text"
}
}
},
"event": {
"properties": {
"agent_id_status": {
"type": "keyword",
"ignore_above": 1024
},
"category": {
"type": "keyword",
"ignore_above": 1024
},
"created": {
"type": "date"
},
"dataset": {
"type": "constant_keyword",
"value": "nginx.access"
},
"ingested": {
"type": "date",
"format": "strict_date_time_no_millis||strict_date_optional_time||epoch_millis",
"ignore_malformed": false
},
"kind": {
"type": "keyword",
"ignore_above": 1024
},
"module": {
"type": "constant_keyword",
"value": "nginx"
},
"outcome": {
"type": "keyword",
"ignore_above": 1024
},
"timezone": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"host": {
"properties": {
"architecture": {
"type": "keyword",
"ignore_above": 1024
},
"containerized": {
"type": "boolean"
},
"hostname": {
"type": "keyword",
"ignore_above": 1024
},
"id": {
"type": "keyword",
"ignore_above": 1024
},
"ip": {
"type": "ip"
},
"mac": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"os": {
"properties": {
"build": {
"type": "keyword",
"ignore_above": 1024
},
"codename": {
"type": "keyword",
"ignore_above": 1024
},
"family": {
"type": "keyword",
"ignore_above": 1024
},
"kernel": {
"type": "keyword",
"ignore_above": 1024
},
"name": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"platform": {
"type": "keyword",
"ignore_above": 1024
},
"type": {
"type": "keyword",
"ignore_above": 1024
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"http": {
"properties": {
"request": {
"properties": {
"method": {
"type": "keyword",
"ignore_above": 1024
},
"referrer": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"response": {
"properties": {
"body": {
"properties": {
"bytes": {
"type": "long"
}
}
},
"status_code": {
"type": "long"
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"input": {
"properties": {
"type": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"log": {
"properties": {
"file": {
"properties": {
"path": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"offset": {
"type": "long"
}
}
},
"nginx": {
"properties": {
"access": {
"properties": {
"remote_ip_list": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"related": {
"properties": {
"ip": {
"type": "ip"
},
"user": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"source": {
"properties": {
"address": {
"type": "keyword",
"ignore_above": 1024
},
"as": {
"properties": {
"number": {
"type": "long"
},
"organization": {
"properties": {
"name": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
}
}
},
"geo": {
"properties": {
"city_name": {
"type": "keyword",
"ignore_above": 1024
},
"continent_name": {
"type": "keyword",
"ignore_above": 1024
},
"country_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"country_name": {
"type": "keyword",
"ignore_above": 1024
},
"location": {
"type": "geo_point"
},
"region_iso_code": {
"type": "keyword",
"ignore_above": 1024
},
"region_name": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"ip": {
"type": "ip"
}
}
},
"tags": {
"type": "keyword",
"ignore_above": 1024
},
"url": {
"properties": {
"domain": {
"type": "keyword",
"ignore_above": 1024
},
"extension": {
"type": "keyword",
"ignore_above": 1024
},
"fragment": {
"type": "keyword",
"ignore_above": 1024
},
"original": {
"type": "wildcard",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"path": {
"type": "wildcard"
},
"port": {
"type": "long"
},
"query": {
"type": "keyword",
"ignore_above": 1024
},
"scheme": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"user": {
"properties": {
"name": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"user_agent": {
"properties": {
"device": {
"properties": {
"name": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
}
}
},
"name": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"original": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"os": {
"properties": {
"full": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"name": {
"type": "keyword",
"fields": {
"text": {
"type": "match_only_text"
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
},
"version": {
"type": "keyword",
"ignore_above": 1024
}
}
}
}
},
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": "1000",
"ignore_dynamic_beyond_limit": "true"
},
"ignore_malformed": "true"
},
"hidden": "true",
"provided_name": ".ds-logs-nginx.access-default-2025.01.08-000001",
"final_pipeline": ".fleet_final_pipeline-1",
"creation_date": "1736327129016",
"number_of_replicas": "1",
"uuid": "woSxXBaLSUqHUKipZcsbiQ",
"version": {
"created": "8521000"
},
"lifecycle": {
"name": "logs"
},
"codec": "best_compression",
"routing": {
"allocation": {
"include": {
"_tier_preference": "data_hot"
}
}
},
"number_of_shards": "1",
"default_pipeline": "logs-nginx.access-1.24.0"
}
},
"data_stream": "logs-nginx.access-default"
}
}
Previously, the Elastic instance I used had "destination.port" data. Because of other needs, I wanted to install Elastic on a new VM, but on this new VM the "destination.port" field exists while no data is flowing into it: when I look at the data view in Stack Management, the "destination.port" field exists but its status is: Value not set
If you are using the Elastic Agent Nginx integration (Nginx Integration | Elastic integrations | Elastic), there must be a destination.port
field in the mapping. If not, please start from scratch and use Elastic Agent with the Nginx integration. This will solve your issue.