Hey everyone,
Let me start this post off by saying I am a complete newbie in all of this and apologize in advance if the answer is staring me right in the face.
I'm setting up ELK to monitor our environment at work (so far only Server 2012R2 machines), and am running into an issue when looking at the collected data in Kibana. For instance, we have a Jira server we'll call RSS-JIRA01. When I look at the data that's being shipped from this server to our ELK server, I'm seeing that either Elasticsearch, Kibana, or one of the shippers is duplicating this data and displaying it as two separate computers - RSS and JIRA01, when really it's one machine, RSS-JIRA01.
I've done some hunting around on Google and what I'm seeing is that this issue points to Elasticsearch's mapping, and that I need to use a multi-field (seen in this discussion thread: https://github.com/elastic/kibana/issues/190), but after digging around in all of Elasticsearch, Kibana, and all of my shippers' config files, I have no idea at all where to edit this setting.
Can anybody point me in the right direction here? I'm completely lost. Thanks!
-Ben