missing data fields after updates in kibana #14099
Replies: 1 comment
Found the field in "empty fields" :-/
Version
2.4.111
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Distributed
Location
on-prem with Internet access
Hardware Specs
Exceeds minimum requirements
CPU
128
RAM
1TB
Storage for /
30TB
Storage for /nsm
70TB
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
No, there are no failures
Logs
No, there are no additional clues
Detail
We are missing the data field events.original. It has been gone for half a year, but we only noticed it today. Normally we don't look deeply into the Discover logs.
Strange thing: we changed no pipeline or grok. The grok works with the data field event.original and parses it from there. But we don't see the data field in Kibana.
There are also no errors in Kibana in Stack Management.
So why does Elastic work with the data field, but we don't see it in Kibana?