I recently upgraded from ELK 5 to 6 and today I added the logstash netflow to my system. It looks like everything went okay (but it didn't). Netflow docs are being stored in elastic and the dashboards and visualizations are listed.
The issue is that all of the dashboards and visualizations throw errors like below...
Error : Saved "field" parameter is now invalid. Please select a new field.
Visualize: "field" is a required parameter
I have a feeling this is happening because I have an upgraded system but I really have no idea as I'm not an ELK expert.
Looking at the specific visualization I'm having a problem with, it shows that netflow.bytes is searchable and aggregatable.
Is this a visualization that you exported/imported or is it one you created from scratch?
There's an open issue on GitHub about this error, and there are a few situations which can cause it, maybe something in that discussion will help: https://github.com/elastic/kibana/issues/9571
These were created by logstash. Looking at that link, do I edit the visualizations and, everywhere I see "source_name", rename it to "source_name.keyword"?
If so, is there a script that can do it? This would take a very long time as there are 78 visualizations that have to be fixed.
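An added example, not part of the thread and not Elastic's own tooling: one way to check an exported set of visualizations for aggregation fields that the index pattern no longer has, and to apply a rename map such as the "source_name" to "source_name.keyword" change asked about above in one pass. It assumes the Kibana 5.x/6.x saved-objects export layout (a JSON array whose visualization objects carry their aggregations in the `_source.visState` string); the sample export, the field list and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like a Kibana 5.x/6.x saved-objects export
# (assumption: aggregations live in the JSON string _source.visState).
SAMPLE_EXPORT = [
    {"_id": "viz-1", "_type": "visualization", "_source": {
        "title": "Bytes by source",
        "visState": json.dumps({"type": "pie", "aggs": [
            {"id": "1", "type": "sum", "schema": "metric",
             "params": {"field": "netflow.bytes"}},
            {"id": "2", "type": "terms", "schema": "segment",
             "params": {"field": "source_name", "size": 10}}]})}},
    {"_id": "dash-1", "_type": "dashboard", "_source": {"title": "Overview"}},
]

def audit_fields(objects, known_fields):
    """Return {title: [fields a visualization uses that are not in known_fields]}."""
    missing = {}
    for obj in objects:
        if obj.get("_type") != "visualization":
            continue
        state = json.loads(obj["_source"]["visState"])
        bad = [a["params"]["field"] for a in state.get("aggs", [])
               if "field" in a.get("params", {})
               and a["params"]["field"] not in known_fields]
        if bad:
            missing[obj["_source"]["title"]] = bad
    return missing

def rename_fields(objects, renames):
    """Return (copy of the export with fields renamed, number of changes)."""
    out = json.loads(json.dumps(objects))  # deep copy; input stays untouched
    changed = 0
    for obj in out:
        if obj.get("_type") != "visualization":
            continue
        state = json.loads(obj["_source"]["visState"])
        for agg in state.get("aggs", []):
            params = agg.get("params", {})
            if params.get("field") in renames:
                params["field"] = renames[params["field"]]
                changed += 1
        obj["_source"]["visState"] = json.dumps(state)
    return out, changed

if __name__ == "__main__":
    known = {"netflow.bytes", "source_name.keyword"}  # constructed field list
    fixed, n = rename_fields(SAMPLE_EXPORT, {"source_name": "source_name.keyword"})
    print(audit_fields(SAMPLE_EXPORT, known), n, audit_fields(fixed, known))
```

Running the audit first shows which of the visualizations actually reference a missing field, so the rename map only needs entries for those fields.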