search

elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations
Other
194 stars 417 forks source link

elastic_agent integration: service.name not mapped correctly #10447

Open flash1293 opened 1 month ago

flash1293 commented 1 month ago

The elastic_agent integration is setting dynamic: false on all data streams, but indexes additional fields. These additional fields are shown in Discover, but as they are not mapped it's not possible to search on them.

The most notable one is service.name (see Slack thread.

Ideally, dynamic: false should be removed so all fields are mapped properly. Alternatively, service.name is added explicitly to all data streams that set it.

flash1293 commented 1 month ago

FYI @cmacknz

elasticmachine commented 1 month ago

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

elasticmachine commented 1 month ago

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

jlind23 commented 1 month ago

Also related to https://github.com/elastic/elastic-agent/issues/2724