I have the full ELK cluster experience, with Filebeat sending logs to Logstash, and there I do all my processing. I very recently learned that in order to have nested fields you should write "[host][name]" rather than "host.name" as I was doing. I learned all that from this webinar: Integrating custom logs with ECS for Elastic SIEM | Elastic Videos. So I was very happy to learn that I could actually use the SIEM for my own logs; I changed the format of the Logstash filters accordingly and now I see the SIEM is actually doing something. However, it gives me the following errors:
I've been trying to find out what they meant and found nothing anywhere. My guess is that I'm missing something in my logstash filters regarding the parameterization, but I don't see what it is since I've followed the same ideas the guy from the webinar talks about.
Any help with this issue? I could provide further information regarding my pipeline in logstash if necessary.
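Since the post does not include its pipeline, here is an added example (not the poster's configuration and not from the webinar) of the field-reference distinction it describes: a Logstash pipeline that parses a constructed custom authentication log line into ECS fields. The log format, the field names, the port, the index name and the Elasticsearch URL are assumptions. The commented-out grok block uses dotted strings, which Logstash treats as one literal top-level key (e.g. a key named "event.action"), while the active block uses bracket references so the values land nested under [event], [user] and [source], which is the shape ECS and the SIEM app expect.

```logstash
# Added example pipeline, not part of the original post.
# Sample line it expects in "message" (constructed):
#   2024-03-05T10:15:00Z login-failure user=alice src=203.0.113.5

input {
  beats { port => 5044 }   # assumption: Filebeat ships to this port
}

filter {
  # --- Dotted strings (the mistake the post describes) ---
  # Logstash reads "event.action" as ONE top-level field literally named
  # "event.action". Nothing is placed under [event], so the conditional
  # further down (`if [event][action] == ...`) never matches, and the
  # event does not carry the nested ECS structure the SIEM app expects.
  # Filebeat already sends [host] and [agent] as objects, so a literal
  # top-level "host.name" key added here would sit beside that object
  # instead of inside it.
  #
  # grok {
  #   match => { "message" => "%{TIMESTAMP_ISO8601:ts} %{NOTSPACE:event.action} user=%{USERNAME:user.name} src=%{IP:source.ip}" }
  # }

  # --- Bracket references (nested fields) ---
  # %{PATTERN:[outer][inner]} puts the capture at event.outer.inner.
  grok {
    match => {
      "message" => "%{TIMESTAMP_ISO8601:ts} %{NOTSPACE:[event][action]} user=%{USERNAME:[user][name]} src=%{IP:[source][ip]}"
    }
    tag_on_failure => ["_grokparsefailure_customauth"]
  }

  # Use the log's own timestamp as @timestamp, then drop the scratch field.
  date {
    match        => ["ts", "ISO8601"]
    target       => "@timestamp"
    remove_field => ["ts"]
  }

  # ECS categorization fields, also written with bracket references.
  mutate {
    add_field => {
      "[event][kind]"     => "event"
      "[event][category]" => "authentication"
      "[event][dataset]"  => "customauth"   # assumed dataset name
    }
  }

  # This conditional only works because [event][action] is nested;
  # with the dotted form above it would silently never be true.
  if [event][action] == "login-failure" {
    mutate { add_field => { "[event][outcome]" => "failure" } }
  } else if [event][action] == "login-success" {
    mutate { add_field => { "[event][outcome]" => "success" } }
  }
}

output {
  # Inspect the event shape before trusting the index: with bracket
  # references rubydebug prints "event" => { "action" => ... }, whereas
  # the dotted form prints a flat "event.action" => ... key.
  stdout { codec => rubydebug }

  elasticsearch {
    hosts => ["http://localhost:9200"]          # assumption
    index => "custom-auth-%{+YYYY.MM.dd}"       # assumption
  }
}
```

The quickest check is the rubydebug output: if you see flat keys containing dots (`"host.name"`, `"event.action"`) rather than nested objects, some filter is still using the dotted form. For the SIEM app to pick the events up, the index written here must also match one of the index patterns the app is configured to read, and the nested field names must be the ECS ones.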