ES field names are like "dns.question, dns.question.type,dns.answers"
(DNS Fields | Elastic Common Schema (ECS) Reference [8.16] | Elastic)|" (DNS Fields | Elastic Common Schema (ECS) Reference [8.16] | Elastic)
but while im converting my raw data to ecs fields by "grok" im getting error.
grok doesn't support "." in fields names, since it denotes objects.
i tried escaping special character . by .(in grok expression), still facing parsing issue
also, but all ecs fields are with . only. i am editing this in my kibana console - ingest pipeline. how to fix this issue?