Closed chris-counteractive closed 4 years ago
The processor for converting Severity to ECS event.severity converts it to the wrong type (string), when elasticsearch expects long, causing parsing errors.
string
long
Simplest fix is to remove the conversion in _meta/beat.yml. Could consider a mapping to a numeric value, but that'd be arbitrary and subject to future incompatibility.
_meta/beat.yml
The processor for converting Severity to ECS event.severity converts it to the wrong type (
string), when elasticsearch expectslong, causing parsing errors.Simplest fix is to remove the conversion in
_meta/beat.yml. Could consider a mapping to a numeric value, but that'd be arbitrary and subject to future incompatibility.