Hi,
The endpoint datastreams are missing the agent.name field in the documents. Normally any document ingested by Elastic Agent using an Integration has agent.name available.
For some datastreams agent.name already exists in the mapping:
https://github.com/elastic/endpoint-package/blob/master/package/endpoint/data_stream/process/fields/fields.yml#L50
Hi,
The endpoint datastreams are missing the
agent.namefield in the documents. Normally any document ingested by Elastic Agent using an Integration hasagent.nameavailable.For some datastreams
agent.namealready exists in the mapping:https://github.com/elastic/endpoint-package/blob/master/package/endpoint/data_stream/process/fields/fields.yml#L50