patterns ecs-v1 to use host.name instead of host.hostname

At the moment the default patterns coming from ecs-v1 use [host.hostname](https://github.com/search?q=repo%3Alogstash-plugins%2Flogstash-patterns-core+path%3A%2F%5Epatterns%5C%2Fecs-v1%5C%2F%2F+hostname&type=code) (same is defined for [elasticsearch ingest node](https://github.com/search?q=repo%3Aelastic%2Felasticsearch+path%3A%2F%5Elibs%5C%2Fgrok%5C%2Fsrc%5C%2Fmain%5C%2Fresources%5C%2Fpatterns%5C%2Fecs-v1%5C%2F%2F+host.&type=code))

[ECS documentation for host](https://www.elastic.co/guide/en/ecs/8.11/ecs-host.html) list both `host.name` and `host.hostname`

However most [integrations](https://www.elastic.co/docs/current/en/integrations) currently use `host.name` so Kibana visualizations/dashboard tend to use this field causing them not to be usable when `host.hostname` is used

---

Workaround solutions : 
- add a second field `host.name` on logstash pipeline (or elasticsearch ingest node pipeline) at ingestion time to have both fields and be able to use common visualizations
- add a [runtime field](https://www.elastic.co/guide/en/elasticsearch/reference/8.14/runtime-mapping-fields.html#runtime-fields-scriptless) to add `host.name` to the indices (and index templates)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

patterns ecs-v1 to use host.name instead of host.hostname #326

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

patterns ecs-v1 to use host.name instead of host.hostname #326

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions