Hello,
I noticed a lot of Elastic Agent log fields have a question mark and seem unmapped. Imho it would be useful if we can aggregate on these fields. Could the mapping please be updated so these fields can be used properly?
For example in .ds-logs-elastic_agent.filebeat-default-2024.05.30-000037
Willem
What is the integration that you are using? Did the question mark still persists after a refresh?
This normally happens when you are seeing in discover and the field has not appeared before in the data view, but a refresh would fix it.
These the builtin logs of the Elastic Agents
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
