Hi, sorry to see you're having trouble getting your data to be displayed in the SIEM app.
I am assuming from your dev tool screenshots that you are using Filebeat. Is this correct?
I see from another post that you were using NetFlow data from pfSense. Is this the same situation?
Sorry to go back to the start, but can you tell us how you set up Filebeat to send data to your cluster? Did you enable the NetFlow module per the typical process shown below?
If so, you should not have to manually adjust the Elasticsearch index mappings.
Also, is it possible for you to send a screenshot of one of your NetFlow documents taken from Kibana Discover? (Please be sure not to include any confidential information.) We'd like to see what fields are included and their datatypes.