Hi,
Ref. the ECS schema definition of the host field: https://github.com/elastic/ecs/blob/master/schemas/host.yml
When running a mix of Beats and Syslog/UDP inputs to Logstash, the host field gets defined differently. Beats insists on storing the hostname in a host.name object key, while Logstash insists on using the host field as a string.
Try mixing the two and you get the error message:
object mapping for [host] tried to parse field [host] as object, but found a concrete value
I'd like to conform to one way of defining this field, no matter which input I'm using. One format to rule them all.
What is the correct way to handle the host field as of today and going forward? Should it be defined as an object or a string?
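
The conflict described in the post above, as an added example that is not part of the original post and is not Elastic's or Logstash's own code. It models events as plain Ruby Hashes, uses a simplified stand-in for the mapping check, and assumes a string host is moved under host.name (the key Beats uses); the function names, the tag and the sample events are constructed for illustration.

```ruby
# Added example. Events are plain Hashes here (an assumption); inside a
# Logstash ruby filter the same logic would go through event.get / event.set.

# Classify how an event carries `host`.
def host_shape(event)
  case event["host"]
  when nil  then :absent
  when Hash then :object    # Beats style: { "name" => ... }
  else           :concrete  # syslog/UDP style: plain string
  end
end

# Simplified model of the mapping check: the first event that carries `host`
# fixes its shape, and every later event with another shape is a conflict.
# Returns the indexes of the conflicting events.
def mapping_conflicts(events)
  mapped = nil
  conflicts = []
  events.each_with_index do |event, i|
    shape = host_shape(event)
    next if shape == :absent
    mapped ||= shape
    conflicts << i if shape != mapped
  end
  conflicts
end

# Coerce `host` to the object form so both inputs index the same way.
# Assumption: a string value is stored under host.name.
def normalize_host(event)
  host = event["host"]
  case host
  when nil, Hash
    event
  when String
    event.merge("host" => { "name" => host })
  else
    # Unexpected type: drop it and tag the event instead of risking a conflict.
    rest = event.reject { |key, _| key == "host" }
    rest.merge("tags" => Array(event["tags"]) + ["_host_type_unexpected"])
  end
end

# Constructed sample events: one Beats-style, one syslog-style, one without host.
SAMPLE_EVENTS = [
  { "message" => "beat event",  "host" => { "name" => "web01" } },
  { "message" => "syslog line", "host" => "10.0.0.5" },
  { "message" => "no host field" }
].freeze
```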