Hello,
I'm using ELK + Kafka.
Version : 7.6.2
I'm monitoring Windows machines with Metricbeat and the perfmon module to get some counters.
Here are some counters pulled (a lot of NTDS counters actually, just an example) :
windows.perfmon.logicaldisk.avg.disk.sec.write
windows.perfmon.logicaldisk.disk.read.bytes.sec
windows.perfmon.ntds.dirsync.sessions.inprogress
The problem is that some counters are initiated as "long" type, whereas it should be "float".
So I decided to delete all the data and the index ; configure dynamic Mapping with a template that match "metricbeat-*".
Here is the dynamic mapping i'm trying :
{
"windows.perfmon.*": {
"unmatch": "windows.perfmon.instance.name",
"match": "windows.perfmon.*",
"mapping": {
"type": "float"
},
"match_mapping_type": "*"
}
}
Unfortunately, when I'm starting the metricbeat agents and gathering some data, the type of the windows.perfmon.* counters are sometimes float or long ...
GET metricbeat-2020.07.29/_mapping/field/windows.perfmon.ntds.*
...
"windows.perfmon.ntds.ds.client.name.translations.sec" : {
"full_name" : "windows.perfmon.ntds.ds.client.name.translations.sec",
"mapping" : {
"sec" : {
"type" : "long"
}
}
},
"windows.perfmon.ntds.ab.client.sessions" : {
"full_name" : "windows.perfmon.ntds.ab.client.sessions",
"mapping" : {
"sessions" : {
"type" : "long"
}
}
},
...
I would love to use the dynamic mapping feature, cause it's clearly easier to manage current and future mappings ...
I would like to avoid to do a "hard" mapping with each counters I'm pulling (200+ counters)
Any Help is appreciated 
Luc