[journald] ECS conflicts with host.ip and source.ip fields #9690
Labels
Integration:journald
Custom Journald logs
Team:Elastic-Agent-Data-Plane
Label for the Agent Data Plane team [elastic/elastic-agent-data-plane]
Comments
jamiehynds
added
the
Team:Elastic-Agent-Data-Plane
|
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
|
@belimawr it looks like a good candidate to add to elastic/beats#37086 |
Inded it is, I'll add it to the list of tasks there. |
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey,
after installing the Journald integration in my 8.12.1 Kibana / Fleet, I saw mapping conflicts in the logs-* Data View. The data quality dashboard shows these issues as well:
Journald integration uses the logs-logs dataset, and it seems to lack mappings for the fields
source.ipandhost.ipin the package component template.Indeed, https://github.com/elastic/integrations/blob/main/packages/journald/fields/ecs.yml seems to be missing the references to source.ip / host.ip. I'm not sure if this is the correct place to add them though.
The text was updated successfully, but these errors were encountered: