Index fields with keyword

Jan_Kaspar · June 30, 2019, 5:43pm

Hi All,

I made upgrade of ELK 7.1.1 to ELK 7.0. I upgraded also one of 10 metrcibeat from 7.1.1 to 7.2.

upgraded host disappear from build in visualize Top Hosts By CPU (Realtime) [Metricbeat System] ECS.

I fouind that it is caused in group by section in By field. There was host.name and it works for all 7.1.1 and now upgraded server have field host.name.keyword. How to solve this?

default output in metrixbeat is logstash. logstash is configured by ths way:

hosts => ["192.168.5.5:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"

Thanks

Jan

Marius_Dragomir · July 5, 2019, 1:54pm

You can edit the visualization and change from the host.name to host.name.keyword or you can use the mutate filter in Logstash to copy the field to the missing one:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html

But these would be ugly fixes, i'd recommend you upgrade all metricbeat instancesto the same version and then do the dashboard setup with the new 7.2 dashboards.

system · August 2, 2019, 1:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.