Elastic Agent with custom log integration

Hi @eleong Ok you ready to dig in :slight_smile:

So I suspect you have a mapping / parsing issue which means you are trying to put a a value into field that has a conflicting type. This can be a bit hard to debug, but I have done it many times so I am going to ask you to go along and trust me and I will explain here is a short explanation of what is happening (there are other version of this bug but this is a very common one)

If I have to guess I suspect you are trying to write a field like host or agent or something like that where there is already a mapping defined.

You could actually log into the server where the agent is find the filebeat logs and the mapping exception would be there... but there is another way.

So debug this I need

  1. Your actual pipeline the real one...

GET _ingest/pipeline/db2logs

  1. I need a sample JSON document from Discover... like one of the ones above that has not gone through the full pipeline.

Then we I / will simulate and test the pipeline and actually try to write a doc, it will produce a very specific error which we can then address.

Get me those and we will solve this.