ECS expect `target` value

VamPikmin · July 1, 2022, 10:35pm

Hi Badger,

Thanks for your help!

I've tried it and the log message complains about the same thing:

[WARN ][logstash.filters.geoip   ][3_sflow] ECS expect `target` value `[source][geo][ip]` in ["client", "destination", "host", "observer", "server", "source"]

I'm not sure what format the ip fields should be in, can't really find an example.

I've tried renaming dst_ip and src_ip fields to source.ip and destination.ip - the reasoning behind is that filebeat netflow module uses this naming convention but no luck with that either.

I've seen this post already and if i disable ecs compatibility I'm guessing it will work, but I'd like to get it working with ECS, if possible

Topic		Replies	Views
Logstash ECS Compatiblity Issues Logstash	6	3127	June 6, 2022
GeoIP Filter in ECS-Compatiblity mode requires a `target` when `source` is not an `ip` sub-field, eg. [client][ip] Logstash	4	207	February 6, 2024
Using custom target for geoip filter, how to update Elasticsearch template? Logstash	7	753	April 21, 2018
[GEOIP] Get target value as geoip from json input Logstash	7	2144	December 26, 2017
No geopoint for destination.ip but latitude and longitude field - 7.10 Logstash	4	396	December 29, 2020

ECS expect `target` value

Related topics