I’m currently doing a full analysis of all the attributes I’m receiving through the default setup of the Vision One integration (Trend Micro) in Elasticsearch. While reviewing the data, I started wondering:
How can I map only the attributes I’m really interested in from this integration and ensure that this mapping remains consistent?
I’d like to optimize the integration to focus only on the data that’s useful for my needs, but I’m unsure if this is the best approach.
Does it make sense to customize the mapping this way, or is it better to stick with the default setup? What would you recommend based on your experience?
Hi @cyberm Relating to your other post (and do we really need 2 separate threads? Perhaps we should close one)
Look at
and caution...
WARNING!
Custom index mappings may conflict with the mappings defined by the integration and may break the integration in Kibana. Do not change or customize any default mappings.
When you install an integration, Fleet creates two default @custom component templates:
A @custom component template allowing customization across all documents of a given data stream type, named following the pattern: <data_stream_type>@custom.
A @custom component template for each data stream, named following the pattern: <name_of_data_stream>@custom.
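Added example, not part of either post or of the quoted documentation: a pre-deployment check that compares the mappings you plan to put in a `<name_of_data_stream>@custom` component template against the integration's own mappings and reports fields whose type would differ. The template name, field names and both mapping trees are constructed placeholders, and "conflict" is assumed here to mean the same field path declared with a different type.

```python
# Constructed placeholder following the <name_of_data_stream>@custom pattern.
TEMPLATE_NAME = "logs-example.dataset@custom"

# Constructed stand-in for the "properties" tree shipped by the integration.
DEFAULT_PROPS = {
    "event": {"properties": {"severity": {"type": "long"},
                             "id": {"type": "keyword"}}},
    "source": {"properties": {"ip": {"type": "ip"}}},
}

# Constructed "properties" tree proposed for the @custom template.
CUSTOM_PROPS = {
    "event": {"properties": {"severity": {"type": "keyword"}}},
    "source": {"properties": {"ip": {"type": "ip"}}},
    "triage": {"properties": {"owner": {"type": "keyword"}}},
}


def flatten(properties, prefix=""):
    """Return {dotted.path: type} for a mapping 'properties' tree.
    A field without an explicit type is treated as an object."""
    flat = {}
    for name, spec in properties.items():
        path = prefix + name
        flat[path] = spec.get("type", "object")
        flat.update(flatten(spec.get("properties", {}), path + "."))
    return flat


def review_custom_mapping(default_props, custom_props):
    """Split the custom fields into type conflicts and pure additions."""
    default, custom = flatten(default_props), flatten(custom_props)
    conflicts = sorted(
        (path, default[path], custom[path])
        for path in custom
        if path in default and default[path] != custom[path]
    )
    additions = sorted(path for path in custom if path not in default)
    return {"conflicts": conflicts, "additions": additions}


if __name__ == "__main__":
    report = review_custom_mapping(DEFAULT_PROPS, CUSTOM_PROPS)
    for path, shipped, proposed in report["conflicts"]:
        print(f"{TEMPLATE_NAME}: {path} is {shipped}, custom says {proposed}")
    print("new fields only:", ", ".join(report["additions"]))
```

In practice the two trees would come from the installed component templates rather than from literals; any entry under `conflicts` is a change the warning above tells you not to make.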