ecs-mapping
Mapping Corelight or Zeek data to Elastic Common Schema fields
Hi, [Data streams](https://www.elastic.co/guide/en/elasticsearch/reference/current/data-streams.html) are now the recommended way of ingesting logs and metrics. Is there a plan to support them with the available pipelines?
In version 1.9.0.1 there is a note that states "removed template_corelight_temporary_log_holdings". While none of the pipelines name their indices in a way that would trigger this template it does however...
The current DNS pipeline doesn't convert `dns.answers.ttl`, which is copied from the Corelight field `TTLs`, to the correct type. It seems Corelight sends it as an `array`; however, the expected...