I am trying to use copy_to to copy the values of multiple fields into a group field so that it can then be queried as a single field. I found this link, copy_to | Elasticsearch Reference [7.12] | Elastic, but when I try to do it in the dev tools it doesn't work with my filebeat index. I tried it with it already indexed and without it being indexed. Then I tried loading the JSON template into the filebeat.yml and that also did not work.
I also found this link, Copy fields | Filebeat Reference [7.12] | Elastic, but this doesn't do the groups. Any ideas on how I could accomplish this would be great.