Issue: Kibana is reporting the following mapping conflict warning:
Mapping conflict! A field is defined as several types (string, integer, etc) across the indices that match this pattern. You may still be able to use these conflict fields in parts of Kibana, but they will be unavailable for functions that require Kibana to know their type. Correcting this issue will require reindexing your data.
To view the issue in Kibana, perform the following:
Launch the Kibana page.
Click the Management tab.
Under the Kibana section, select Index Patterns.
Select security.events.normalized_*
Ensure that 632 fields are indexed and that no mapping conflict warning is displayed.
Workaround: If fewer than 632 fields are indexed, or to fix the Kibana mapping conflict warning, perform the following:
Delete the following index pattern from the Kibana Management tab:
security.events.normalized_*
Switch to the following bin directory:
cd <sentinel-installation-path>/opt/novell/sentinel/bin
Switch to the novell user:
su novell
Delete the indices from Sentinel’s Elasticsearch by running the following command:
./elasticsearchRestClient.sh {sentinel_ip} {port used for elasticsearch} DELETE security.events.normalized_*
Run the following command to apply the mapping template to the events index in Sentinel’s Elasticsearch:
./elasticsearch_index_template.sh {sentinel-ip} {port used for elasticsearch} security.events.normalized_* 6 1
Run the following command to create the index pattern in Kibana:
./create_kibana_index_pattern.sh http://{localhost}:5601 security.events.normalized_* {tenant-name}
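To see which fields cause the conflict before deleting anything, or to confirm afterwards that none remain, the per-index mappings returned by Elasticsearch's _mapping endpoint can be compared directly. The following is an added example, not part of Sentinel or of the original procedure; the sample index suffixes, the "event" document type, the field names and the type grouping table are assumptions made for illustration.

```python
from collections import defaultdict

# Approximate grouping of Elasticsearch types into Kibana's display types (assumption).
FAMILY = {t: "string" for t in ("text", "keyword", "string")}
FAMILY.update({t: "number" for t in ("long", "integer", "short", "byte",
                                     "double", "float", "half_float", "scaled_float")})

def leaf_types(properties, prefix=""):
    """Yield (dotted_name, es_type) for each typed field and multi-field."""
    for name, spec in properties.items():
        path = prefix + name
        if spec.get("type") not in (None, "object", "nested"):
            yield path, spec["type"]
        for key in ("properties", "fields"):
            if key in spec:
                yield from leaf_types(spec[key], path + ".")

def find_conflicts(mapping_response):
    """Return {field: {family: [indices]}} for fields typed differently across indices."""
    seen = defaultdict(lambda: defaultdict(set))
    for index, body in mapping_response.items():
        mappings = body.get("mappings", {})
        # Newer layout: "properties" directly; older layout: one level per document type.
        roots = [mappings] if "properties" in mappings else [
            m for m in mappings.values() if isinstance(m, dict)]
        for root in roots:
            for field, es_type in leaf_types(root.get("properties", {})):
                seen[field][FAMILY.get(es_type, es_type)].add(index)
    return {f: {fam: sorted(ix) for fam, ix in fams.items()}
            for f, fams in seen.items() if len(fams) > 1}

# Constructed sample in the shape of a GET <pattern>/_mapping response;
# index suffixes, the "event" document type and field names are made up.
SAMPLE = {
    "security.events.normalized_a": {"mappings": {"event": {"properties": {
        "evt_count": {"type": "long"},
        "msg": {"type": "text", "fields": {"raw": {"type": "keyword"}}},
        "src": {"properties": {"port": {"type": "integer"}}}}}}},
    "security.events.normalized_b": {"mappings": {"event": {"properties": {
        "evt_count": {"type": "keyword"},
        "msg": {"type": "keyword"},
        "src": {"properties": {"port": {"type": "long"}}}}}}},
}

if __name__ == "__main__":
    for field, fams in sorted(find_conflicts(SAMPLE).items()):
        print(field, fams)
```

An empty result means no field is typed differently across the matching indices; any field it lists names the indices on each side of the conflict.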