Refresh field list added a lot of new unwanted fields

undelete · October 12, 2018, 11:10am

Hi,

I'm still very new at Elasticsearch. I am explicitly using the ArcSight Module with Logstash to populate my database and today I noticied that after update to 6.4.1 a field was missing in the index. I looked in management and index patterns (arcsight-*) and sourceUserName could not be found anymore. I pressed the button "Refresh field list" which actually made me see the field again, but it also added a myriad of fields that should not be there (fields that actually look like values). How can I fix this? Going back to the original ArcSight index. Thanks in advance!

undelete · October 18, 2018, 5:20am

Anyone? I guess it does not have to be related to the ArcSight Module, but more the button "Refresh field list" and the fields that went missing. How to restore without getting all the junk-fields?

system · November 15, 2018, 5:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.