When loading dashboards, you see the error: "The field associated with this object no longer exists in the data view. Please use another field,"
Go to stack management:
And confirm you see Indices and that they match the dashboard file you imported (ECS vs CODEX -- See Reason #2):
If you do not see ElastiFlow Indices like the above, you must troubleshoot your flow collector and confirm that:
It is running
It is receiving flows on the expected port and is listening on that port
The host-based firewall is not blocking these packets (common in Red Hat based Linux)
The Flow Collector has successfully connected to your data platform (OpenSearch, Elasticsearch etc..)
There are two sets of dashboards that can be downloaded from: https://github.com/elastiflow/elastiflow_for_elasticsearch
How you configure the following setting in the flow collector will determine which set of dashboards to import: EF_OUTPUT_ELASTICSEARCH_ECS_ENABLE=true/false EF_OUTPUT_OPENSEARCH_ECS_ENABLE=true/false https://docs.elastiflow.com/config_ref_output_elasticsearch#ef_output_elasticsearch_ecs_enable https://docs.elastiflow.com/config_ref_output_opensearch/#ef_output_opensearch_ecs_enable
If you set this flag to 'true' you will import the dashboard file with ECS in its filename:
If you set this flag to 'false' you will import the dashboard file (light or dark theme) with CODEX in its filename:
