Hi team,
I need some help regarding some fields that are being removed from one version to another. I am using ES 7.13.2. Some fields from this Zeek module/pipeline were available under older ES/ ECS versions, that are currently not available anymore. I am using Zeek 4.0.0
Unavailable fields:
Zeek. Connection: temp.duration, zeek.connection.local_orig and zeek.connection.local_resp
Other: network.bytes, network.packets and network.direction that were used in conn, dce/rpc, dns, http, ssl, smtp, x509 etc
How can I make them visible in pipeline? Just to really understand the situation, I have some charts that are using those fields and while migrating my arhitecture to last version I loose my chart functionality.
Could you please advise about how can I make them visible in the default pipelines?
Thank you for your answer!