Hi,
looking at: Log Fields | Elastic Common Schema (ECS) Reference [8.11] | Elastic
I found that for example: log.origin.XXX fields should be "extended".
But when I look in Kibana at logs, for example those ingested from /opt/Elastic/Endpoint/state/log/endpoint-000137.log,
in Discover I see the field type as a ? (unknown field).
The latest ECS schema from link above is 8.11, however, the respective log entries in Kibana show ecs.version: 8.10.0
Looking at Index Template: "logs-elastic_agent.endpoint_security", which I think is the one in question that's used, I don't see the log.origin.... fields in any of the component templates defined.
I'm using ELK stack and Agent 8.14.2.
The link above only has the latest 8.11, can't check how it looked in 8.10.0?
Is there anything wrong with my installation, can I fix it, or does the integration need an update to properly map these fields?
Sebastian