Hi all,
I am just testing Elastic Stack 7.4.2 with SIEM.
I am using Filebeat module system and cisco.
When using "filebeat-*" as index pattern, kibana tells me, that there is a mapping conflict. The conflicting field is "source.ip"
I am already dividing the data in indeces like "filebeat-yyyy.mm.dd" and "cisco-asa-yyyy.mm.dd" but the probleme here is, that the imported dashboards are not working with the cisco indeces.
Anybody an idea, how to solve this?
Cheers,
Marcus