Inquiries about warning fields

inwoo1 · May 2, 2022, 1:43am

As you can see, I am going to set up an Alert, and I
The field name you set is not visible.
Fields starting with iso. are not visible, and fields starting with the changed forti_ are not visible.
How can I make this field name selectable in Alert settings?

  mutate { 
    rename => { 
        "iso.org.dod.internet.private.enterprises.12356.101.4.1.22.0" => "forti_fw_uptime" 
        "iso.org.dod.internet.private.enterprises.12356.101.4.1.3.0" => "forti_fw_use_cpu" 
        "iso.org.dod.internet.private.enterprises.12356.101.4.1.4.0" => "forti_fw_use_memory" 
        "iso.org.dod.internet.private.enterprises.12356.101.4.1.8.0" => "forti_fw_sessioncount" 
    } 
  }

system · May 30, 2022, 1:44am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Missing Fields when Creating Alert in Kibana Kibana elastic-stack-alerting	4	1285	July 27, 2021
Alert Message Data Kibana 8.3 Kibana elastic-stack-alerting	1	331	November 2, 2022
No fields available when creating logs threshold alert in Kibana Kibana elastic-stack-alerting	2	416	February 2, 2023
Remove or Hide Kibana and Signal fields in Elastic Security Endpoint Security	9	1214	February 23, 2022
No cached mapping for this field! Kibana	6	3327	November 12, 2021

Inquiries about warning fields

Related topics