Index fields with keyword

Jan_Kaspar · June 30, 2019, 5:43pm

Hi All,

I made upgrade of ELK 7.1.1 to ELK 7.0. I upgraded also one of 10 metrcibeat from 7.1.1 to 7.2.

upgraded host disappear from build in visualize Top Hosts By CPU (Realtime) [Metricbeat System] ECS.

I fouind that it is caused in group by section in By field. There was host.name and it works for all 7.1.1 and now upgraded server have field host.name.keyword. How to solve this?

default output in metrixbeat is logstash. logstash is configured by ths way:

hosts => ["192.168.5.5:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"

Thanks

Jan

Marius_Dragomir · July 5, 2019, 1:54pm

You can edit the visualization and change from the host.name to host.name.keyword or you can use the mutate filter in Logstash to copy the field to the missing one:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html

But these would be ugly fixes, i'd recommend you upgrade all metricbeat instancesto the same version and then do the dashboard setup with the new 7.2 dashboards.

system · August 2, 2019, 1:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to build kibana visualization with analyzed fields Kibana	5	346	April 24, 2018
Host.hostname field_data issue with SIEM and auditbeat SIEM	1	431	May 5, 2020
Missing fields in Kibana Elasticsearch	2	442	January 16, 2021
Metricbeat upgrade to 6.5.1 removes the host from Kibana dashboards and visualisations Beats metricbeat	3	369	December 24, 2018
Host metadata not parsing out correctly in ElasticSearch Kibana	4	449	September 17, 2018

Index fields with keyword

Related topics