Type conflict in Elasticsearch for "record.collect.timestamp" date/long

Hi all. Elasticsearch is throwing me an error about a type conflict for “record.collect.timestamp”.

This field has a type conflict
The type of the record.collect.timestamp field changes across indices and might not be available for search, visualizations, and other analysis.

Type	Indices
date	elastiflow-telemetry_flow-ecs-8.0-2.5-rollover-000001
long	elastiflow-metric-ecs-8.0-2.5-rollover

What type should this field be and how do I fix it as I think it’s Elastiflow that manages these index templates. I’ve deleted the indexes and they get recreated with the same types for this field.

Yes, I can see that in the index mappings. Let me investigate.

Screenshot 2025-10-28 at 12.17.09556×547 23.3 KB

Screenshot 2025-10-28 at 12.16.33593×593 24.5 KB

The data in the ‘metrics’ table is related to the metrics from the flow collector API … Metrics | ElastiFlow

The data in the ‘telemetry’ table is related to telemetry data from flow records.

Given that these are different data sets from different objects, the conflict in types are likely not a concern since it is unlikely that searches or visualizations would need to use both indices. If I get any feedback on this question I’ll update you here.

Regards,

Dexter

To clarify, I have opened a bug ticket to get the ‘metric’ index template corrected. The ‘record.collect.timestamp’ type should be Date.

Thanks for asking!

Regards,

Dexter

That’s good to know. However, this would mean I’m probably reading the instructions wrong regarding datasets. For which I can no longer find the instructions I was looking at two weeks ago…

Thank you for clarifying.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.