Hi,
I am trying to understand how to define some static mapping, this is the log message that I have
Mar 12 17:27:16 dev-jenkins filebeat: 2020-03-12T17:27:16.768-0400#011INFO#011[monitoring]#011log/log.go:145#011Non-zero metrics in the last 30s#011{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":169260,"time":{"ms":17}},"total":{"ticks":267930,"time":{"ms":33},"value":267930},"user":{"ticks":98670,"time":{"ms":16}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":11},"info":{"ephemeral_id":"29de85a9-3829-48f3-9a37-83f35c65038e","uptime":{"ms":126930091}},"memstats":{"gc_next":10604144,"memory_alloc":9763784,"memory_total":7550838208},"runtime":{"goroutines":46}},"filebeat":{"events":{"added":1,"done":1},"harvester":{"files":{"ac2ff12a-149c-4962-9b61-9454123d53f3":{"last_event_published_time":"2020-03-12T17:26:53.726Z","last_event_timestamp":"2020-03-12T17:26:48.725Z","read_offset":1261,"size":1261}},"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":1,"batches":1,"total":1},"read":{"bytes":6},"write":{"bytes":1146}},"pipeline":{"clients":4,"events":{"active":0,"published":1,"total":1},"queue":{"acked":1}}},"registrar":{"states":{"current":2,"update":1},"writes":{"success":1,"total":1}},"system":{"load":{"1":0.01,"15":0.05,"5":0.02,"norm":{"1":0.005,"15":0.025,"5":0.01}}}}}}
as you can see is a Syslog message coming from the filebeat.
Let say I'd like to create a mapping based on this output and create the fields name on kibana, I should start to map the field like this
{
"properties": {
"monitoring.metrics.beat.cpu.system.ticks": {
"full_name" : "cpu.system.ticks",
"mapping": {
"type": "number"
}
},
"monitoring.metrics.beat.cpu.system.ticks.keyword": {
"full_name" : "cpu.system.ticks.keyword",
"mapping": {
"keyword" : {
"type": "keyword",
"ignore_above" : 256
}
}
}
}
}
am I right? of course not coz It is not working 
ao any idea about what am I missing?
Thanks