The Fortigate integration contains some fields that do not match ECS naming conventions. These use a dash instead of an underscore, as documented in the ECS guidelines:
fortinet.firewall.app-type should be fortinet.firewall.app_typefortinet.firewall.cert-type should be fortinet.firewall.cert_typefortinet.firewall.ha-prio should be fortinet.firewall.ha_priofortinet.firewall.monitor-name should be fortinet.firewall.monitor_namefortinet.firewall.monitor-type should be fortinet.firewall.monitor_type
The Fortigate integration contains some fields that do not match ECS naming conventions. These use a dash instead of an underscore, as documented in the ECS guidelines:
fortinet.firewall.app-type
should befortinet.firewall.app_type
fortinet.firewall.cert-type
should befortinet.firewall.cert_type
fortinet.firewall.ha-prio
should befortinet.firewall.ha_prio
fortinet.firewall.monitor-name
should befortinet.firewall.monitor_name
fortinet.firewall.monitor-type
should befortinet.firewall.monitor_type
Raised here: https://github.com/elastic/enhancements/issues/22139