SIEM (Kibana) not working with some errors

I have the full ELK cluster experience with Filebeat sending logs to Logstash, and there I do all my processing. I very recently learned that in order to have nested fields you should write "[host][name]" rather than "host.name" as I was doing. I learned all that from this webinar: Integrating custom logs with ECS for Elastic SIEM | Elastic Videos. So I was very happy to learn that I could actually use the SIEM for my own logs; I changed the format of the Logstash filters accordingly and now I see the SIEM is actually doing something. However, it gives me the following errors:
(screenshot of the error messages; not reproduced here)

I've been trying to find out what they meant and found nothing anywhere. My guess is that I'm missing something in my logstash filters regarding the parameterization, but I don't see what it is since I've followed the same ideas the guy from the webinar talks about.

Any help with this issue? I could provide further information regarding my pipeline in logstash if necessary.

I kind of fixed this by making sure I was properly defining "host.name" and "source.ip" as nested fields; after that I began seeing the SIEM full of hosts and the basic data. I'm also seeing a lot of conflicts in the index patterns since "source.ip" is now an IP rather than String, which is good.
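An added example (not code from the original posts) of what the fix above looks like in a Logstash pipeline: bracketed field references produce the nested ECS objects the SIEM app reads, while a bare "host.name" produces a single top-level field literally named "host.name". The log line, the Elasticsearch host and the index name are constructed assumptions, and it assumes an ECS-compatible index template is installed for that index so that source.ip is mapped as type ip.

```conf
# Assumes a constructed log line such as:
#   2024-01-01T10:00:00Z myhost sshd: Failed password for root from 203.0.113.5
filter {
  grok {
    # Square-bracket references create nested objects ({"host":{"name":...}}).
    # Writing "host.name" instead would create one flat field named "host.name",
    # which the SIEM app does not recognise as ECS host.name.
    match => {
      "message" => "%{TIMESTAMP_ISO8601:[@metadata][ts]} %{HOSTNAME:[host][name]} %{DATA:[process][name]}: Failed password for %{USERNAME:[user][name]} from %{IP:[source][ip]}"
    }
  }
  date {
    match => ["[@metadata][ts]", "ISO8601"]
  }
  # If an earlier stage already produced the flat field, move it into the
  # nested structure instead of leaving two competing fields in the document.
  if [host.name] {
    mutate {
      rename => { "host.name" => "[host][name]" }
    }
  }
  mutate {
    add_field => {
      "[event][kind]"     => "event"
      "[event][category]" => "authentication"
      "[event][outcome]"  => "failure"
    }
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]   # assumed
    # The index must match both the SIEM's configured index patterns and an
    # ECS mapping template; otherwise source.ip is indexed as keyword/text
    # and the index pattern reports the type conflict mentioned above.
    index => "logstash-%{+YYYY.MM.dd}"   # assumed
  }
}
```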
