Hi team,
I have a pipeline like this: filebeat =>kafka =>logstask=>elasticsearch (ELK7.12)
Why I have a smaller amounts of fileds than filebeat directly =>elasticsearch (ELK7.11.1)
Whenever I check the fields from ECS seems that even the default dashboards from Filebeat -Zeek are not finding correctly all the fields from ECS.
The new version 7.12 ships with smaller fields synchronisation for modules?
Thank you!