In elastic/integrations#10353 (comment) we found documents that were causing issues about unexpected arrays of objects, but the value is a valid array of strings. An array of strings should be considered as valid if defined as a string type.

The issue seems to happen with multi-fields and synthetic source, what seems to be frequent when logsdb mode is used.

For example:

 "user_agent.name.text": [ "Firefox" ], 

Seems to produce this error:

[1] field "user_agent.name.text" is used as array of objects, expected explicit definition with type group or nested 

Workaround in the meantime

As workaround in the meantime, package developers need to import the definition for these fields from ECS using external: ecs.

Tasks

### Tasks (see https://github.com/elastic/elastic-package/issues/1971#issuecomment-2275300209) - [ ] Split the rule in ecs@mappings so the fields without multifield don't get the .text multifield - [ ] Add a test in ES that loops over all fields defined in ECS to check that ecs@mappings produces equivalent mappings