elasticsearch icon indicating copy to clipboard operation
elasticsearch copied to clipboard
verified publisher icon elastic

patterns ecs-v1 to use host.name instead of host.hostname

Open jguay opened this issue 1 year ago • 1 comments

Description

Feature request also raised in https://github.com/logstash-plugins/logstash-patterns-core/issues/326

At the moment the default patterns coming from ecs-v1 use host.hostname (same is defined for logstash ingest node)

ECS documentation for host list both host.name and host.hostname

However most integrations currently use host.name so Kibana visualizations/dashboard tend to use this field causing them not to be usable when host.hostname is used

Such change is potentially a breaking changes for user who rely on host.hostname naming which also need to be addressed

Workaround solutions :

  • add a second field host.name on elasticsearch ingest node pipeline at ingestion time to have both fields and be able to use common visualizations
  • add a runtime field to add host.name to the indices (and index templates)

jguay avatar Jun 26 '24 15:06 jguay

Pinging @elastic/es-data-management (Team:Data Management)

elasticsearchmachine avatar Jun 28 '24 09:06 elasticsearchmachine