Hello,
I am using ELK with version 6.1.1. I am facing problem with elastic search fields which are coming in log lines. One of my fields having identity as fieldname and fieldname.keyword (handled by Elastic search automatically) is not giving data in visualisations with both field i.e. whenever i am going to find data of fieldname so some data is given by fieldname and remaining is given by fieldname.keyword. As it was already deployed and working properly at one machine so after taking snapshot from that machine i have successfully restored my complete log line data and also dashboards and visualisations on another machine of same Ubuntu OS so log data are visible to me completely . So for new data after complete setup and configurations same as before with same version of filebeat, logstash, elasticsearch and kibana i.e. 6.1.1 (for all of them), i want to get my data as i can aggregate by fieldname as before. So i am hardly needed to aggregate by fieldname (not by fieldname.keyword) in visualisations and want to get complete data of complete log lines in visualisations which is not giving by elastic search.
