Using Journalbeat, logstash and elasticsearch version 7.6.0 we are getting bulk indexing errors due to an incompatibility with the ECS schema
Journalbeat appears to be outputting container.image as a concrete value whereas ecs defines it as object with 2 fields - container.image.name and container.image.tag
Is this a known issue ?
Hey @bbailey,
Thanks for reporting this. Could you please share the configuration you are using in journalbeat, and an example event with the container.image field?
No problem, I'll see what I can share with you tomorrow.
This is opened as an issue in github now
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.