Hello all,
I had some issues when upgrading to 7.9.3, so I had to upgrade to 7.10, and unfortunately I had to delete my "filebeat-*" index pattern.
After recreating the filebeat-* index pattern, I am now unable to update the fields. When I click 'Refresh field list' nothing happens and I only see 1100 as the count of fields.
Specifically, I am trying to ingest Cisco ASA syslog and those fields which are being decoded by my Grok patterns files are not being dynamically added as fields in my index.
I did some searching and added these settings in my filebeat.yml:
setup.template.enabled: true
setup.template.overwrite: true
setup.template.append_fields:
- name: cisco.asa
  type: group
  dynamic: true
Specifics of my configuration: 1) use the Cisco module; 2) send my filebeat to logstash because I want to clean up some events and utilize ASA Grok Patterns.
Any help would be appreciated.
Regards,
~Jai