I would like to create an alert that follows:
"message: some search string"
When I create the alert and save it. I receive the following error
"Bulk Indexing of signals failed: object mapping for [source] tried to parse field [source] as object, but found a concrete value,object mapping for [host]"
Looks like, you index fields are not properly mapped. On what data is the alert trying to query?
@pcosic that is correct. I updated the version of filebeat. If anyone else runs into this issue they should note Breaking changes in 7.0 | Beats Platform Reference [7.13] | Elastic.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.