I pick up Elastic security events, add one field, and want to write them into a separate index. How can I do this? I constantly encounter mapping problems; I can’t extract the mapping from the built-in indexes and add it to my template.
Hi @vhs, can you provide some more details about the problem you're facing? If I understand correctly it sounds like there are two separate issues - first, where to put the logic for picking up the events and writing another document to a separate index for each event, and secondly how to extract the mappings and add them to your separate index. Is that correct?
Some details that would help us understand better are:
- What integration are the elastic security events coming from?
- What information do you want to add into the extra field?
- What errors are you encountering when trying to extract the mappings and add them to your own index template?