Hi. I am using the ELK with filebeat sending logs to elastic via suricata module. I have all configured but after some time the information on "discover" and "dashboard" just disappears. On the elastic and filebeat logs no error seems to appear. But if i do "systemctl status filebeat", the following error shows up.
' (status=400): {"type":"mapper_parsing_exception","reason":"failed to parse","caused_by":{"type":"illegal_argument_exception","reason":"Cannot write to a field alias [suricata.eve.flow.start]."}}