Hello
We have this strange situation where logs that have certain fields like
source.ip,source.port etc(see attached) get extra fields created
eg. event.module:iis OR nginx will show fields named suricata.eve.dest_ip and traefik.access.user_agent.device.
Any idea how to disable/stop this?
Thanks
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
