Type conflict in Elasticsearch for "record.collect.timestamp" date/long

Hi all. Elasticsearch is throwing me an error about a type conflict for “record.collect.timestamp”.

This field has a type conflict
The type of the record.collect.timestamp field changes across indices and might not be available for search, visualizations, and other analysis.

Type	Indices
date	elastiflow-telemetry_flow-ecs-8.0-2.5-rollover-000001
long	elastiflow-metric-ecs-8.0-2.5-rollover

What type should this field be, and how do I fix it, as I think it’s ElastiFlow that manages these index templates? I’ve deleted the indexes and they get recreated with the same types for this field.

Yes, I can see that in the index mappings. Let me investigate.

The data in the ‘metrics’ table is related to the metrics from the flow collector API … Metrics | ElastiFlow

The data in the ‘telemetry’ table is related to telemetry data from flow records.

Given that these are different data sets from different objects, the conflict in types is likely not a concern, since it is unlikely that searches or visualizations would need to use both indices. If I get any feedback on this question I’ll update you here.

Regards,

Dexter

To clarify, I have opened a bug ticket to get the ‘metric’ index template corrected. The ‘record.collect.timestamp’ type should be Date.

Thanks for asking!

Regards,

Dexter
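The mapping comparison described in this thread can be scripted. This is an added example, not part of the original posts and not ElastiFlow code: it flattens the mappings of several indices into dotted field paths and reports every field whose type differs between indices. The sample input is constructed in the shape of a `GET <index-pattern>/_mapping` response, using the two index names and types reported above; `@timestamp` is an assumed extra field included to show that matching fields are not reported.

```python
from collections import defaultdict

def _sample(ts_type):
    # Constructed mapping body, trimmed to the field discussed in the thread.
    return {"mappings": {"properties": {
        "@timestamp": {"type": "date"},  # assumed field, same type everywhere
        "record": {"properties": {"collect": {"properties": {
            "timestamp": {"type": ts_type}}}}},
    }}}

# Constructed sample shaped like a GET <index-pattern>/_mapping response.
SAMPLE_MAPPINGS = {
    "elastiflow-telemetry_flow-ecs-8.0-2.5-rollover-000001": _sample("date"),
    "elastiflow-metric-ecs-8.0-2.5-rollover": _sample("long"),
}

def flatten(properties, prefix=""):
    """Yield (dotted_field_path, type) for every typed field in a mapping."""
    for name, spec in properties.items():
        path = prefix + name
        if "type" in spec:
            yield path, spec["type"]
        # Object fields nest under "properties", multi-fields under "fields".
        for key in ("properties", "fields"):
            if key in spec:
                yield from flatten(spec[key], path + ".")

def find_type_conflicts(mapping_response):
    """Return {field: {type: [indices]}} for fields mapped with >1 type."""
    seen = defaultdict(lambda: defaultdict(list))
    for index, body in mapping_response.items():
        props = body.get("mappings", {}).get("properties", {})
        for path, field_type in flatten(props):
            seen[path][field_type].append(index)
    return {
        path: {t: sorted(idx) for t, idx in types.items()}
        for path, types in seen.items()
        if len(types) > 1
    }

if __name__ == "__main__":
    for field, types in find_type_conflicts(SAMPLE_MAPPINGS).items():
        print(field)
        for field_type, indices in types.items():
            print(f"  {field_type}: {', '.join(indices)}")
```

To run it against a cluster, save the JSON returned by the mapping API for the relevant index pattern and pass the parsed dictionary to `find_type_conflicts`.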

That’s good to know. However, this would mean I’m probably reading the instructions wrong regarding datasets, and I can no longer find the instructions I was looking at two weeks ago…

Thank you for clarifying.