ECS expect `target` value

VamPikmin · July 1, 2022, 10:35pm

Hi Badger,

Thanks for your help!

I've tried it and the log message complains about the same thing:

[WARN ][logstash.filters.geoip   ][3_sflow] ECS expect `target` value `[source][geo][ip]` in ["client", "destination", "host", "observer", "server", "source"]

I'm not sure what format the ip fields should be in, can't really find an example.

I've tried renaming dst_ip and src_ip fields to source.ip and destination.ip - the reasoning behind is that filebeat netflow module uses this naming convention but no luck with that either.

I've seen this post already and if i disable ecs compatibility I'm guessing it will work, but I'd like to get it working with ECS, if possible

Topic		Replies	Views
Logstash ECS Compatiblity Issues Logstash	6	3108	June 6, 2022
GeoIP Filter in ECS-Compatiblity mode requires a `target` when `source` is not an `ip` sub-field, eg. [client][ip] Logstash	4	197	February 6, 2024
No geopoint for destination.ip but latitude and longitude field - 7.10 Logstash	4	396	December 29, 2020
Geo point for new ECS mapped Geo fields using JDBC Logstash	7	386	May 31, 2021
SIEM Network Map Errors Elastic Security ecs-elastic-common-schema	2	437	April 13, 2021

ECS expect `target` value

Related Topics