Pipeline has lesser fields than Filebeat directly to Elasticsearch

Automation_Scripts · April 1, 2021, 4:04pm

Hi team,

I have a pipeline like this: filebeat =>kafka =>logstask=>elasticsearch (ELK7.12)

Why I have a smaller amounts of fileds than filebeat directly =>elasticsearch (ELK7.11.1)

Whenever I check the fields from ECS seems that even the default dashboards from Filebeat -Zeek are not finding correctly all the fields from ECS.

The new version 7.12 ships with smaller fields synchronisation for modules?

Thank you!

system · April 29, 2021, 4:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
From Filebeat to Logstash (and next to Elasticsearch) - pipeline processing Beats filebeat	3	237	January 27, 2023
Beats>LS>ES vs LS-file>ES (Performance) Beats	1	381	September 12, 2017
Filebeat lotstash output and 'exported fields' Beats filebeat	4	1790	March 16, 2018
Re: Filebeat > Kafka > Logstash > ElasticSearch Logstash	5	1927	September 26, 2017
Problem with pipeline, grok and dashboards Beats filebeat	8	534	January 27, 2022