I am ingesting CloudTrail logs via Fleet and I'm getting errors stating the field has been stored as a keyword.
If I check the mappings in the index template, I can't see a mapping for the event.created field, whereas if I check Azure (which I also have working), it does define event.created as a date.
As both Azure and AWS go into the logs-* index pattern, it causes a conflict.
This has been checked by an Elastic team member, who confirmed that the field is missing ("The field seems indeed to be missing"): https://github.com/elastic/integrations/tree/master/packages/aws/data_stream/cloudtrail/fields
Issue initially raised on Elastic discuss forums:
https://discuss.elastic.co/t/aws-integrations-mapping-error/283502
Thanks
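
Added example, not part of the original issue or of Elastic's code: a way to list fields mapped with different types across the indices behind one pattern, given a response from Elasticsearch's `_field_caps` API. The sample response and its index names are constructed for illustration.

```python
import json

# Constructed sample shaped like the response of
#   GET logs-*/_field_caps?fields=event.*
# Index names are illustrative, not taken from the issue.
SAMPLE_FIELD_CAPS = json.loads("""
{
  "indices": [
    ".ds-logs-aws.cloudtrail-default-000001",
    ".ds-logs-azure.activitylogs-default-000001"
  ],
  "fields": {
    "event.created": {
      "keyword": {"type": "keyword", "searchable": true, "aggregatable": true,
                  "indices": [".ds-logs-aws.cloudtrail-default-000001"]},
      "date": {"type": "date", "searchable": true, "aggregatable": true,
               "indices": [".ds-logs-azure.activitylogs-default-000001"]}
    },
    "event.action": {
      "keyword": {"type": "keyword", "searchable": true, "aggregatable": true}
    }
  }
}
""")


def find_mapping_conflicts(field_caps):
    """Return {field: {type: [indices]}} for fields mapped with more than one type."""
    conflicts = {}
    for field, by_type in field_caps.get("fields", {}).items():
        # "unmapped" only appears with include_unmapped=true and is not a type clash.
        types = {t: caps for t, caps in by_type.items() if t != "unmapped"}
        if len(types) < 2:
            continue
        # When types differ, each entry lists the indices that use that type.
        conflicts[field] = {t: sorted(caps.get("indices") or []) for t, caps in types.items()}
    return conflicts


if __name__ == "__main__":
    for field, types in find_mapping_conflicts(SAMPLE_FIELD_CAPS).items():
        for es_type, indices in sorted(types.items()):
            print(f"{field}: {es_type} in {', '.join(indices)}")
```

Run against a real `_field_caps` response for `logs-*`, this shows which data streams need a corrected template before time-based queries and detection rules on the field work across sources.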