Hi all,
I'm new on ELK world, just playing around with ELK stack, did some tests wth latest stable ELK stack, including integration with suricata (ids) and cowrie (ssh honeypot) without any problem. Then i decided to play with ELK 5 alpha.
I'm running an clean CentOS 7 VM and installed elasticsearch, kibana and topbeat from RPMs.
Loaded beats 5 example dashboards too.
When i try to visualise topbeat dashboard i get:
Fielddata is disabled on text fields by default. Set fielddata=true on [beat.name] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory.
and so for proc.name and fs.device_name.
I believe it's not topbeat related but elasticsearch or kibana issue.
I searched where i cant "set fielddata=true" but i cant found nothing.
What i did wrong?
I dont have any kind of problem with packetbeat dashboards.
Anyone could help me?
Thanks