Logstash 7.3
OS: All
Logstash direct input plugins such as tcp, udp, syslog, etc. create events with the field "host" populated incorrectly. To conform to ECS the host name should be placed into "host.name". It would be useful if the plugins could also populate other fields like "host.ip".

Arguably it should populate "agent" fields as well since logstash is acting as the agent.