logstash-output-elasticsearch 10.5.1-java → 10.7.3-java

Sign up to get free protection for your applications and to get access to all the features.
Files changed (28) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +22 -0
  3. data/CONTRIBUTORS +1 -0
  4. data/docs/index.asciidoc +142 -81
  5. data/lib/logstash/outputs/elasticsearch.rb +33 -0
  6. data/lib/logstash/outputs/elasticsearch/common.rb +21 -8
  7. data/lib/logstash/outputs/elasticsearch/common_configs.rb +3 -3
  8. data/lib/logstash/outputs/elasticsearch/http_client.rb +6 -2
  9. data/lib/logstash/outputs/elasticsearch/ilm.rb +1 -1
  10. data/lib/logstash/outputs/elasticsearch/template_manager.rb +20 -12
  11. data/lib/logstash/outputs/elasticsearch/{elasticsearch-template-es2x.json → templates/ecs-disabled/elasticsearch-2x.json} +0 -0
  12. data/lib/logstash/outputs/elasticsearch/{elasticsearch-template-es5x.json → templates/ecs-disabled/elasticsearch-5x.json} +0 -0
  13. data/lib/logstash/outputs/elasticsearch/{elasticsearch-template-es6x.json → templates/ecs-disabled/elasticsearch-6x.json} +0 -0
  14. data/lib/logstash/outputs/elasticsearch/{elasticsearch-template-es7x.json → templates/ecs-disabled/elasticsearch-7x.json} +0 -0
  15. data/lib/logstash/outputs/elasticsearch/templates/ecs-disabled/elasticsearch-8x.json +50 -0
  16. data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-6x.json +2950 -0
  17. data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-7x.json +2948 -0
  18. data/logstash-output-elasticsearch.gemspec +2 -1
  19. data/spec/es_spec_helper.rb +32 -12
  20. data/spec/fixtures/template-with-policy-es8x.json +50 -0
  21. data/spec/integration/outputs/ilm_spec.rb +36 -22
  22. data/spec/integration/outputs/metrics_spec.rb +1 -5
  23. data/spec/unit/outputs/elasticsearch/http_client_spec.rb +22 -0
  24. data/spec/unit/outputs/elasticsearch/template_manager_spec.rb +40 -3
  25. data/spec/unit/outputs/elasticsearch_spec.rb +23 -1
  26. data/spec/unit/outputs/error_whitelist_spec.rb +1 -1
  27. metadata +25 -7
  28. data/lib/logstash/outputs/elasticsearch/elasticsearch-template-es8x.json +0 -44
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cefa6633e4a89765721857efffd49144e84f4fd76a2b6625664478076f4623bd
4
- data.tar.gz: d774499e956fdf0a2920a27e38830f47f7b479f313666874d447319db8736de6
3
+ metadata.gz: 800beb4697a44f1c41a41490b627b5b6dd192c695a818b33118e778a0fde7902
4
+ data.tar.gz: 380591f1e759722fac05fbc8893113ad0821cb9878e5257a9da8dc90f9a4fd09
5
5
  SHA512:
6
- metadata.gz: 142fdc58605911159a51bdd825bdb22e78f182a61084babc31f6827bf5965aea00dbfb6c9b5c58d55f26e6a9b09ca32b2b48e5a39b887afd400e3793f0d6044c
7
- data.tar.gz: 3d98fa8506b2bba7a631f536e025aa5f6f3c50da862ee53509136df3430ce685f0d5adfefcd8bc14a97fdde874bd8e3e220842beaa8772663324e9a7571c145c
6
+ metadata.gz: 895bdaa0f45d48396b594df34545174a7788eb7647df0fc6cad58ab162950c399319d0c462d97a49133368a88731e3548e4ef508dc7115fd448ebd75b7da6d47
7
+ data.tar.gz: 96feefdd53810337a249cb4412296515ff049a6a07c0a81c81fc23b4152bd0061f3d7fd3cec7956eb0abb07636c3b78c1dbb16daf1040a77e359dc771f79d67d
@@ -1,3 +1,25 @@
1
+ ## 10.7.3
2
+ - Added composable index template support for elasticsearch version 8 [#980](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/980)
3
+
4
+ ## 10.7.2
5
+ - [DOC] Fixed links to restructured Logstash-to-cloud docs [#975](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/975)
6
+
7
+ ## 10.7.1
8
+ - [DOC] Document the permissions required in secured clusters [#969](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/969)
9
+
10
+ ## 10.7.0
11
+ - Changed: don't set the pipeline parameter if the value resolves to an empty string [#962](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/962)
12
+
13
+ ## 10.6.2
14
+ - [DOC] Added clarifying info on http compression settings and behaviors [#943](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/943)
15
+ - [DOC] Fixed entry for ilm_policy default value[#956](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/956)
16
+
17
+ ## 10.6.1
18
+ - Fixed an issue introduced in 10.6.0 that broke Logstash Core's monitoring feature when this plugin is run in Logstash 7.7-7.8. [#953](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/953)
19
+
20
+ ## 10.6.0
21
+ - Added `ecs_compatiblity` mode, for managing ECS-compatable templates [#952](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/952)
22
+
1
23
  ## 10.5.1
2
24
  - [DOC] Removed outdated compatibility notices, reworked cloud notice, and fixed formatting for `hosts` examples [#938](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/938)
3
25
 
@@ -26,6 +26,7 @@ Contributors:
26
26
  * Tom Hodder (tolland)
27
27
  * jimmyjones2
28
28
  * Gabriel Moskovicz (gmoskovicz)
29
+ * Luca Belluccini (lucabelluccini)
29
30
 
30
31
  Note: If you've sent us patches, bug reports, or otherwise contributed to
31
32
  Logstash, and you aren't on the list above and want to be, please let us know
@@ -23,14 +23,14 @@ include::{include_path}/plugin_header.asciidoc[]
23
23
 
24
24
  If you plan to use the Kibana web interface to analyze data transformed by
25
25
  Logstash, use the Elasticsearch output plugin to get your data into
26
- Elasticsearch.
26
+ Elasticsearch.
27
27
 
28
28
  This output only speaks the HTTP protocol as it is the preferred protocol for
29
29
  interacting with Elasticsearch. In previous versions it was possible to
30
30
  communicate with Elasticsearch through the transport protocol, which is now
31
31
  reserved for internal cluster communication between nodes
32
32
  https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html[communication between nodes].
33
- Using the https://www.elastic.co/guide/en/elasticsearch/reference/current/java-clients.html[transport protocol]
33
+ Using the https://www.elastic.co/guide/en/elasticsearch/reference/current/java-clients.html[transport protocol]
34
34
  to communicate with the cluster has been deprecated in Elasticsearch 7.0.0 and
35
35
  will be removed in 8.0.0
36
36
 
@@ -53,16 +53,27 @@ connecting to Elasticsearch 7.x.
53
53
 
54
54
  ===== Hosted {es} Service on Elastic Cloud
55
55
 
56
- You can run Elasticsearch on your own hardware, or use our
57
- https://www.elastic.co/cloud/elasticsearch-service[hosted {es} Service] on
58
- Elastic Cloud. The Elasticsearch Service is available on AWS, Google Cloud
59
- Platform, and Microsoft Azure. {ess-trial}[Try the {es} Service for free].
56
+ {ess-leadin}
57
+
58
+ ==== Compatibility with the Elastic Common Schema (ECS)
59
+
60
+ This plugin will persist events to Elasticsearch in the shape produced by
61
+ your pipeline, and _cannot_ be used to re-shape the event structure into a
62
+ shape that complies with ECS. To produce events that fully comply with ECS,
63
+ you will need to populate ECS-defined fields throughout your pipeline
64
+ definition.
65
+
66
+ However, the Elasticsearch Index Templates it manages can be configured to
67
+ be ECS-compatible by setting <<plugins-{type}s-{plugin}-ecs_compatibility>>.
68
+ By having an ECS-compatible template in place, we can ensure that Elasticsearch
69
+ is prepared to create and index fields in a way that is compatible with ECS,
70
+ and will correctly reject events with fields that conflict and cannot be coerced.
60
71
 
61
72
  ==== Writing to different indices: best practices
62
73
 
63
74
  [NOTE]
64
75
  ================================================================================
65
- You cannot use dynamic variable substitution when `ilm_enabled` is `true` and
76
+ You cannot use dynamic variable substitution when `ilm_enabled` is `true` and
66
77
  when using `ilm_rollover_alias`.
67
78
 
68
79
  ================================================================================
@@ -77,7 +88,10 @@ Each Elasticsearch output is a new client connected to the cluster:
77
88
  * it has to initialize the client and connect to Elasticsearch (restart time is longer if you have more clients)
78
89
  * it has an associated connection pool
79
90
 
80
- In order to minimize the number of open connections to Elasticsearch, maximize the bulk size and reduce the number of "small" bulk requests (which could easily fill up the queue), it is usually more efficient to have a single Elasticsearch output.
91
+ In order to minimize the number of open connections to Elasticsearch, maximize
92
+ the bulk size and reduce the number of "small" bulk requests (which could easily
93
+ fill up the queue), it is usually more efficient to have a single Elasticsearch
94
+ output.
81
95
 
82
96
  Example:
83
97
  [source,ruby]
@@ -86,11 +100,14 @@ Example:
86
100
  index => "%{[some_field][sub_field]}-%{+YYYY.MM.dd}"
87
101
  }
88
102
  }
89
-
103
+
90
104
  **What to do in case there is no field in the event containing the destination index prefix?**
91
105
 
92
- You can use the `mutate` filter and conditionals to add a `[@metadata]` field (see https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#metadata) to set
93
- the destination index for each event. The `[@metadata]` fields will not be sent to Elasticsearch.
106
+ You can use the `mutate` filter and conditionals to add a `[@metadata]` field
107
+ (see
108
+ https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#metadata)
109
+ to set the destination index for each event. The `[@metadata]` fields will not
110
+ be sent to Elasticsearch.
94
111
 
95
112
  Example:
96
113
  [source,ruby]
@@ -122,7 +139,7 @@ HTTP requests to the bulk API are expected to return a 200 response code. All ot
122
139
  The following document errors are handled as follows:
123
140
 
124
141
  * 400 and 404 errors are sent to the dead letter queue (DLQ), if enabled. If a DLQ is not enabled, a log message will be emitted, and the event will be dropped. See <<plugins-{type}s-{plugin}-dlq-policy>> for more info.
125
- * 409 errors (conflict) are logged as a warning and dropped.
142
+ * 409 errors (conflict) are logged as a warning and dropped.
126
143
 
127
144
  Note that 409 exceptions are no longer retried. Please set a higher `retry_on_conflict` value if you experience 409 exceptions.
128
145
  It is more performant for Elasticsearch to retry these exceptions than this plugin.
@@ -204,18 +221,29 @@ not reevaluate its DNS value while the keepalive is in effect.
204
221
 
205
222
  ==== HTTP Compression
206
223
 
207
- This plugin supports request and response compression. Response compression is enabled by default and
208
- for Elasticsearch versions 5.0 and later, the user doesn't have to set any configs in Elasticsearch for
209
- it to send back compressed response. For versions before 5.0, `http.compression` must be set to `true` https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#modules-http[in
210
- Elasticsearch] to take advantage of response compression when using this plugin
224
+ This plugin supports request and response compression. Response compression is
225
+ enabled by default for HTTP and for Elasticsearch versions 5.0 and later.
211
226
 
212
- For requests compression, regardless of the Elasticsearch version, users have to enable `http_compression`
213
- setting in their Logstash config file.
227
+ You don't have to set any configs in Elasticsearch for it to send back a
228
+ compressed response. For versions before 5.0, or if HTTPS is enabled,
229
+ `http.compression` must be set to `true`
230
+ https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#modules-http[in
231
+ Elasticsearch] to take advantage of response compression when using this plugin.
232
+
233
+ For requests compression, regardless of the Elasticsearch version, enable the
234
+ `http_compression` setting in the Logstash config file.
214
235
 
215
236
  ==== Authentication
216
237
 
217
238
  Authentication to a secure Elasticsearch cluster is possible using one of the `user`/`password`, `cloud_auth` or `api_key` options.
218
239
 
240
+ [id="plugins-{type}s-{plugin}-autz"]
241
+ ==== Authorization
242
+
243
+ Authorization to a secure Elasticsearch cluster requires `read` permission at index level and `monitoring` permissions at cluster level.
244
+ The `monitoring` permission at cluster level is necessary to perform periodic connectivity checks.
245
+
246
+
219
247
  [id="plugins-{type}s-{plugin}-options"]
220
248
  ==== Elasticsearch Output Configuration Options
221
249
 
@@ -234,6 +262,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
234
262
  | <<plugins-{type}s-{plugin}-doc_as_upsert>> |<<boolean,boolean>>|No
235
263
  | <<plugins-{type}s-{plugin}-document_id>> |<<string,string>>|No
236
264
  | <<plugins-{type}s-{plugin}-document_type>> |<<string,string>>|No
265
+ | <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
237
266
  | <<plugins-{type}s-{plugin}-failure_type_logging_whitelist>> |<<array,array>>|No
238
267
  | <<plugins-{type}s-{plugin}-healthcheck_path>> |<<string,string>>|No
239
268
  | <<plugins-{type}s-{plugin}-hosts>> |<<uri,uri>>|No
@@ -288,7 +317,7 @@ output plugins.
288
317
  &nbsp;
289
318
 
290
319
  [id="plugins-{type}s-{plugin}-action"]
291
- ===== `action`
320
+ ===== `action`
292
321
 
293
322
  * Value type is <<string,string>>
294
323
  * Default value is `"index"`
@@ -319,7 +348,7 @@ Authenticate using Elasticsearch API key. Note that this option also requires en
319
348
  Format is `id:api_key` where `id` and `api_key` are as returned by the Elasticsearch https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html[Create API key API].
320
349
 
321
350
  [id="plugins-{type}s-{plugin}-bulk_path"]
322
- ===== `bulk_path`
351
+ ===== `bulk_path`
323
352
 
324
353
  * Value type is <<string,string>>
325
354
  * There is no default value for this setting.
@@ -328,7 +357,7 @@ HTTP Path to perform the _bulk requests to
328
357
  this defaults to a concatenation of the path parameter and "_bulk"
329
358
 
330
359
  [id="plugins-{type}s-{plugin}-cacert"]
331
- ===== `cacert`
360
+ ===== `cacert`
332
361
 
333
362
  * Value type is <<path,path>>
334
363
  * There is no default value for this setting.
@@ -343,7 +372,7 @@ The .cer or .pem file to validate the server's certificate
343
372
 
344
373
  Cloud authentication string ("<username>:<password>" format) is an alternative for the `user`/`password` pair.
345
374
 
346
- For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html#_cloud_auth[Logstash-to-Cloud documentation]
375
+ For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html[Logstash-to-Cloud documentation]
347
376
 
348
377
  [id="plugins-{type}s-{plugin}-cloud_id"]
349
378
  ===== `cloud_id`
@@ -353,10 +382,10 @@ For more details, check out the https://www.elastic.co/guide/en/logstash/current
353
382
 
354
383
  Cloud ID, from the Elastic Cloud web console. If set `hosts` should not be used.
355
384
 
356
- For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html#_cloud_id[Logstash-to-Cloud documentation]
385
+ For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html[Logstash-to-Cloud documentation]
357
386
 
358
387
  [id="plugins-{type}s-{plugin}-doc_as_upsert"]
359
- ===== `doc_as_upsert`
388
+ ===== `doc_as_upsert`
360
389
 
361
390
  * Value type is <<boolean,boolean>>
362
391
  * Default value is `false`
@@ -365,7 +394,7 @@ Enable `doc_as_upsert` for update mode.
365
394
  Create a new document with source if `document_id` doesn't exist in Elasticsearch
366
395
 
367
396
  [id="plugins-{type}s-{plugin}-document_id"]
368
- ===== `document_id`
397
+ ===== `document_id`
369
398
 
370
399
  * Value type is <<string,string>>
371
400
  * There is no default value for this setting.
@@ -373,7 +402,7 @@ Create a new document with source if `document_id` doesn't exist in Elasticsearc
373
402
  The document ID for the index. Useful for overwriting existing entries in Elasticsearch with the same ID.
374
403
 
375
404
  [id="plugins-{type}s-{plugin}-document_type"]
376
- ===== `document_type`
405
+ ===== `document_type`
377
406
 
378
407
  * Value type is <<string,string>>
379
408
  * There is no default value for this setting.
@@ -393,8 +422,27 @@ If you don't set a value for this option:
393
422
  - for elasticsearch clusters 6.x: the value of 'doc' will be used;
394
423
  - for elasticsearch clusters 5.x and below: the event's 'type' field will be used, if the field is not present the value of 'doc' will be used.
395
424
 
425
+ [id="plugins-{type}s-{plugin}-ecs_compatibility"]
426
+ ===== `ecs_compatibility`
427
+
428
+ * Value type is <<string,string>>
429
+ * Supported values are:
430
+ ** `disabled`: does not provide ECS-compatible templates
431
+ ** `v1`: provides defaults that are compatible with v1 of the Elastic Common Schema
432
+ * Default value depends on which version of Logstash is running:
433
+ ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
434
+ ** Otherwise, the default value is `disabled`.
435
+
436
+ Controls this plugin's compatibility with the https://www.elastic.co/guide/en/ecs/current/index.html[Elastic Common Schema (ECS)],
437
+ including the installation of ECS-compatible index templates.
438
+ The value of this setting affects the _default_ values of:
439
+
440
+ * <<plugins-{type}s-{plugin}-index>>
441
+ * <<plugins-{type}s-{plugin}-template_name>>
442
+ * <<plugins-{type}s-{plugin}-ilm_rollover_alias>>
443
+
396
444
  [id="plugins-{type}s-{plugin}-failure_type_logging_whitelist"]
397
- ===== `failure_type_logging_whitelist`
445
+ ===== `failure_type_logging_whitelist`
398
446
 
399
447
  * Value type is <<array,array>>
400
448
  * Default value is `[]`
@@ -415,7 +463,7 @@ an elasticsearch node. The headers will be used for any kind of request
415
463
  These custom headers will be overidden by settings like `http_compression`.
416
464
 
417
465
  [id="plugins-{type}s-{plugin}-healthcheck_path"]
418
- ===== `healthcheck_path`
466
+ ===== `healthcheck_path`
419
467
 
420
468
  * Value type is <<string,string>>
421
469
  * There is no default value for this setting.
@@ -426,7 +474,7 @@ before it is once again eligible to service requests.
426
474
  If you have custom firewall rules you may need to change this
427
475
 
428
476
  [id="plugins-{type}s-{plugin}-hosts"]
429
- ===== `hosts`
477
+ ===== `hosts`
430
478
 
431
479
  * Value type is <<uri,uri>>
432
480
  * Default value is `[//127.0.0.1]`
@@ -442,13 +490,17 @@ Examples:
442
490
  `["https://127.0.0.1:9200"]`
443
491
  `["https://127.0.0.1:9200/mypath"]` (If using a proxy on a subpath)
444
492
 
445
- It is important to exclude http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[dedicated master nodes] from the `hosts` list
446
- to prevent LS from sending bulk requests to the master nodes. So this parameter should only reference either data or client nodes in Elasticsearch.
493
+ Exclude
494
+ http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[dedicated
495
+ master nodes] from the `hosts` list to prevent Logstash from sending bulk
496
+ requests to the master nodes. This parameter should reference only data or
497
+ client nodes in Elasticsearch.
447
498
 
448
- Any special characters present in the URLs here MUST be URL escaped! This means `#` should be put in as `%23` for instance.
499
+ Any special characters present in the URLs here MUST be URL escaped! This means
500
+ `#` should be put in as `%23` for instance.
449
501
 
450
502
  [id="plugins-{type}s-{plugin}-http_compression"]
451
- ===== `http_compression`
503
+ ===== `http_compression`
452
504
 
453
505
  * Value type is <<boolean,boolean>>
454
506
  * Default value is `false`
@@ -485,11 +537,14 @@ NOTE: Updating the pattern will require the index template to be rewritten
485
537
 
486
538
  NOTE: The pattern must finish with a dash and a number that will be automatically incremented when indices rollover.
487
539
 
540
+ NOTE: The pattern is a 6-digit string padded by zeros, regardless of prior index name. Example: 000001.
541
+ See {ref}/indices-rollover-index.html#rollover-index-api-path-params[Rollover path parameters API docs] for details.
542
+
488
543
  [id="plugins-{type}s-{plugin}-ilm_policy"]
489
544
  ===== `ilm_policy`
490
545
 
491
546
  * Value type is <<string,string>>
492
- * Default value is `logstash`
547
+ * Default value is `logstash-policy`
493
548
 
494
549
  Modify this setting to use a custom Index Lifecycle Management policy, rather than the default. If this value is not set, the default policy will
495
550
  be automatically installed into Elasticsearch
@@ -500,7 +555,9 @@ NOTE: If this setting is specified, the policy must already exist in Elasticsear
500
555
  ===== `ilm_rollover_alias`
501
556
 
502
557
  * Value type is <<string,string>>
503
- * Default value is `logstash`
558
+ * Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled:
559
+ ** ECS Compatibility disabled: `logstash`
560
+ ** ECS Compatibility enabled: `ecs-logstash`
504
561
 
505
562
  The rollover alias is the alias where indices managed using Index Lifecycle Management will be written to.
506
563
 
@@ -511,10 +568,12 @@ NOTE: Updating the rollover alias will require the index template to be rewritte
511
568
  NOTE: `ilm_rollover_alias` does NOT support dynamic variable substitution as `index` does.
512
569
 
513
570
  [id="plugins-{type}s-{plugin}-index"]
514
- ===== `index`
571
+ ===== `index`
515
572
 
516
573
  * Value type is <<string,string>>
517
- * Default value is `"logstash-%{+yyyy.MM.dd}"`
574
+ * Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled:
575
+ ** ECS Compatibility disabled: `"logstash-%{+yyyy.MM.dd}"`
576
+ ** ECS Compatibility enabled: `"ecs-logstash-%{+yyyy.MM.dd}"`
518
577
 
519
578
  The index to write events to. This can be dynamic using the `%{foo}` syntax.
520
579
  The default value will partition your indices by day so you can more easily
@@ -525,7 +584,7 @@ LS uses Joda to format the index pattern from event timestamp.
525
584
  Joda formats are defined http://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html[here].
526
585
 
527
586
  [id="plugins-{type}s-{plugin}-keystore"]
528
- ===== `keystore`
587
+ ===== `keystore`
529
588
 
530
589
  * Value type is <<path,path>>
531
590
  * There is no default value for this setting.
@@ -534,7 +593,7 @@ The keystore used to present a certificate to the server.
534
593
  It can be either .jks or .p12
535
594
 
536
595
  [id="plugins-{type}s-{plugin}-keystore_password"]
537
- ===== `keystore_password`
596
+ ===== `keystore_password`
538
597
 
539
598
  * Value type is <<password,password>>
540
599
  * There is no default value for this setting.
@@ -542,13 +601,14 @@ It can be either .jks or .p12
542
601
  Set the keystore password
543
602
 
544
603
  [id="plugins-{type}s-{plugin}-manage_template"]
545
- ===== `manage_template`
604
+ ===== `manage_template`
546
605
 
547
606
  * Value type is <<boolean,boolean>>
548
607
  * Default value is `true`
549
608
 
550
609
  From Logstash 1.3 onwards, a template is applied to Elasticsearch during
551
- Logstash's startup if one with the name `template_name` does not already exist.
610
+ Logstash's startup if one with the name <<plugins-{type}s-{plugin}-template_name>>
611
+ does not already exist.
552
612
  By default, the contents of this template is the default template for
553
613
  `logstash-%{+YYYY.MM.dd}` which always matches indices based on the pattern
554
614
  `logstash-*`. Should you require support for other index names, or would like
@@ -561,7 +621,7 @@ field names) you should set `manage_template` to false and use the REST
561
621
  API to apply your templates manually.
562
622
 
563
623
  [id="plugins-{type}s-{plugin}-parameters"]
564
- ===== `parameters`
624
+ ===== `parameters`
565
625
 
566
626
  * Value type is <<hash,hash>>
567
627
  * There is no default value for this setting.
@@ -571,7 +631,7 @@ to every host listed in the 'hosts' configuration. If the 'hosts' list contains
571
631
  urls that already have query strings, the one specified here will be appended.
572
632
 
573
633
  [id="plugins-{type}s-{plugin}-parent"]
574
- ===== `parent`
634
+ ===== `parent`
575
635
 
576
636
  * Value type is <<string,string>>
577
637
  * Default value is `nil`
@@ -580,7 +640,7 @@ For child documents, ID of the associated parent.
580
640
  This can be dynamic using the `%{foo}` syntax.
581
641
 
582
642
  [id="plugins-{type}s-{plugin}-password"]
583
- ===== `password`
643
+ ===== `password`
584
644
 
585
645
  * Value type is <<password,password>>
586
646
  * There is no default value for this setting.
@@ -588,7 +648,7 @@ This can be dynamic using the `%{foo}` syntax.
588
648
  Password to authenticate to a secure Elasticsearch cluster
589
649
 
590
650
  [id="plugins-{type}s-{plugin}-path"]
591
- ===== `path`
651
+ ===== `path`
592
652
 
593
653
  * Value type is <<string,string>>
594
654
  * There is no default value for this setting.
@@ -599,16 +659,16 @@ Note that if you use paths as components of URLs in the 'hosts' field you may
599
659
  not also set this field. That will raise an error at startup
600
660
 
601
661
  [id="plugins-{type}s-{plugin}-pipeline"]
602
- ===== `pipeline`
662
+ ===== `pipeline`
603
663
 
604
664
  * Value type is <<string,string>>
605
665
  * Default value is `nil`
606
666
 
607
- Set which ingest pipeline you wish to execute for an event. You can also use event dependent configuration
608
- here like `pipeline => "%{INGEST_PIPELINE}"`
667
+ Set which ingest pipeline you wish to execute for an event. You can also use event dependent configuration here
668
+ like `pipeline => "%{[@metadata][pipeline]}"`. The pipeline parameter won't be set if the value resolves to empty string ("").
609
669
 
610
670
  [id="plugins-{type}s-{plugin}-pool_max"]
611
- ===== `pool_max`
671
+ ===== `pool_max`
612
672
 
613
673
  * Value type is <<number,number>>
614
674
  * Default value is `1000`
@@ -619,7 +679,7 @@ Setting this too low may mean frequently closing / opening connections
619
679
  which is bad.
620
680
 
621
681
  [id="plugins-{type}s-{plugin}-pool_max_per_route"]
622
- ===== `pool_max_per_route`
682
+ ===== `pool_max_per_route`
623
683
 
624
684
  * Value type is <<number,number>>
625
685
  * Default value is `100`
@@ -630,7 +690,7 @@ Setting this too low may mean frequently closing / opening connections
630
690
  which is bad.
631
691
 
632
692
  [id="plugins-{type}s-{plugin}-proxy"]
633
- ===== `proxy`
693
+ ===== `proxy`
634
694
 
635
695
  * Value type is <<uri,uri>>
636
696
  * There is no default value for this setting.
@@ -641,7 +701,7 @@ An empty string is treated as if proxy was not set. This is useful when using
641
701
  environment variables e.g. `proxy => '${LS_PROXY:}'`.
642
702
 
643
703
  [id="plugins-{type}s-{plugin}-resurrect_delay"]
644
- ===== `resurrect_delay`
704
+ ===== `resurrect_delay`
645
705
 
646
706
  * Value type is <<number,number>>
647
707
  * Default value is `5`
@@ -651,7 +711,7 @@ Resurrection is the process by which backend endpoints marked 'down' are checked
651
711
  to see if they have come back to life
652
712
 
653
713
  [id="plugins-{type}s-{plugin}-retry_initial_interval"]
654
- ===== `retry_initial_interval`
714
+ ===== `retry_initial_interval`
655
715
 
656
716
  * Value type is <<number,number>>
657
717
  * Default value is `2`
@@ -659,7 +719,7 @@ to see if they have come back to life
659
719
  Set initial interval in seconds between bulk retries. Doubled on each retry up to `retry_max_interval`
660
720
 
661
721
  [id="plugins-{type}s-{plugin}-retry_max_interval"]
662
- ===== `retry_max_interval`
722
+ ===== `retry_max_interval`
663
723
 
664
724
  * Value type is <<number,number>>
665
725
  * Default value is `64`
@@ -667,17 +727,15 @@ Set initial interval in seconds between bulk retries. Doubled on each retry up t
667
727
  Set max interval in seconds between bulk retries.
668
728
 
669
729
  [id="plugins-{type}s-{plugin}-retry_on_conflict"]
670
- ===== `retry_on_conflict`
730
+ ===== `retry_on_conflict`
671
731
 
672
732
  * Value type is <<number,number>>
673
733
  * Default value is `1`
674
734
 
675
- The number of times Elasticsearch should internally retry an update/upserted document
676
- See the https://www.elastic.co/guide/en/elasticsearch/guide/current/partial-updates.html[partial updates]
677
- for more info
735
+ The number of times Elasticsearch should internally retry an update/upserted document.
678
736
 
679
737
  [id="plugins-{type}s-{plugin}-routing"]
680
- ===== `routing`
738
+ ===== `routing`
681
739
 
682
740
  * Value type is <<string,string>>
683
741
  * There is no default value for this setting.
@@ -686,7 +744,7 @@ A routing override to be applied to all processed events.
686
744
  This can be dynamic using the `%{foo}` syntax.
687
745
 
688
746
  [id="plugins-{type}s-{plugin}-script"]
689
- ===== `script`
747
+ ===== `script`
690
748
 
691
749
  * Value type is <<string,string>>
692
750
  * Default value is `""`
@@ -702,7 +760,7 @@ Example:
702
760
  }
703
761
 
704
762
  [id="plugins-{type}s-{plugin}-script_lang"]
705
- ===== `script_lang`
763
+ ===== `script_lang`
706
764
 
707
765
  * Value type is <<string,string>>
708
766
  * Default value is `"painless"`
@@ -711,7 +769,7 @@ Set the language of the used script. If not set, this defaults to painless in ES
711
769
  When using indexed (stored) scripts on Elasticsearch 6 and higher, you must set this parameter to `""` (empty string).
712
770
 
713
771
  [id="plugins-{type}s-{plugin}-script_type"]
714
- ===== `script_type`
772
+ ===== `script_type`
715
773
 
716
774
  * Value can be any of: `inline`, `indexed`, `file`
717
775
  * Default value is `["inline"]`
@@ -722,7 +780,7 @@ Define the type of script referenced by "script" variable
722
780
  file : "script" contains the name of script stored in elasticsearch's config directory
723
781
 
724
782
  [id="plugins-{type}s-{plugin}-script_var_name"]
725
- ===== `script_var_name`
783
+ ===== `script_var_name`
726
784
 
727
785
  * Value type is <<string,string>>
728
786
  * Default value is `"event"`
@@ -730,7 +788,7 @@ Define the type of script referenced by "script" variable
730
788
  Set variable name passed to script (scripted update)
731
789
 
732
790
  [id="plugins-{type}s-{plugin}-scripted_upsert"]
733
- ===== `scripted_upsert`
791
+ ===== `scripted_upsert`
734
792
 
735
793
  * Value type is <<boolean,boolean>>
736
794
  * Default value is `false`
@@ -738,7 +796,7 @@ Set variable name passed to script (scripted update)
738
796
  if enabled, script is in charge of creating non-existent document (scripted update)
739
797
 
740
798
  [id="plugins-{type}s-{plugin}-sniffing"]
741
- ===== `sniffing`
799
+ ===== `sniffing`
742
800
 
743
801
  * Value type is <<boolean,boolean>>
744
802
  * Default value is `false`
@@ -748,7 +806,7 @@ For Elasticsearch 1.x and 2.x any nodes with `http.enabled` (on by default) will
748
806
  For Elasticsearch 5.x and 6.x any nodes with `http.enabled` (on by default) will be added to the hosts list, excluding master-only nodes.
749
807
 
750
808
  [id="plugins-{type}s-{plugin}-sniffing_delay"]
751
- ===== `sniffing_delay`
809
+ ===== `sniffing_delay`
752
810
 
753
811
  * Value type is <<number,number>>
754
812
  * Default value is `5`
@@ -756,7 +814,7 @@ For Elasticsearch 5.x and 6.x any nodes with `http.enabled` (on by default) will
756
814
  How long to wait, in seconds, between sniffing attempts
757
815
 
758
816
  [id="plugins-{type}s-{plugin}-sniffing_path"]
759
- ===== `sniffing_path`
817
+ ===== `sniffing_path`
760
818
 
761
819
  * Value type is <<string,string>>
762
820
  * There is no default value for this setting.
@@ -767,7 +825,7 @@ if sniffing_path is set it will be used as an absolute path
767
825
  do not use full URL here, only paths, e.g. "/sniff/_nodes/http"
768
826
 
769
827
  [id="plugins-{type}s-{plugin}-ssl"]
770
- ===== `ssl`
828
+ ===== `ssl`
771
829
 
772
830
  * Value type is <<boolean,boolean>>
773
831
  * There is no default value for this setting.
@@ -777,7 +835,7 @@ is specified in the URLs listed in 'hosts'. If no explicit protocol is specified
777
835
  If SSL is explicitly disabled here the plugin will refuse to start if an HTTPS URL is given in 'hosts'
778
836
 
779
837
  [id="plugins-{type}s-{plugin}-ssl_certificate_verification"]
780
- ===== `ssl_certificate_verification`
838
+ ===== `ssl_certificate_verification`
781
839
 
782
840
  * Value type is <<boolean,boolean>>
783
841
  * Default value is `true`
@@ -787,7 +845,7 @@ For more information on disabling certificate verification please read
787
845
  https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
788
846
 
789
847
  [id="plugins-{type}s-{plugin}-template"]
790
- ===== `template`
848
+ ===== `template`
791
849
 
792
850
  * Value type is <<path,path>>
793
851
  * There is no default value for this setting.
@@ -796,10 +854,13 @@ You can set the path to your own template here, if you so desire.
796
854
  If not set, the included template will be used.
797
855
 
798
856
  [id="plugins-{type}s-{plugin}-template_name"]
799
- ===== `template_name`
857
+ ===== `template_name`
800
858
 
801
859
  * Value type is <<string,string>>
802
- * Default value is `"logstash"`
860
+ * Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled:
861
+ ** ECS Compatibility disabled: `logstash`
862
+ ** ECS Compatibility enabled: `ecs-logstash`
863
+
803
864
 
804
865
  This configuration option defines how the template is named inside Elasticsearch.
805
866
  Note that if you have used the template management features and subsequently
@@ -810,7 +871,7 @@ change this, you will need to prune the old template manually, e.g.
810
871
  where `OldTemplateName` is whatever the former setting was.
811
872
 
812
873
  [id="plugins-{type}s-{plugin}-template_overwrite"]
813
- ===== `template_overwrite`
874
+ ===== `template_overwrite`
814
875
 
815
876
  * Value type is <<boolean,boolean>>
816
877
  * Default value is `false`
@@ -827,7 +888,7 @@ template (logstash), setting this to true will make Logstash to overwrite
827
888
  the "logstash" template (i.e. removing all customized settings)
828
889
 
829
890
  [id="plugins-{type}s-{plugin}-timeout"]
830
- ===== `timeout`
891
+ ===== `timeout`
831
892
 
832
893
  * Value type is <<number,number>>
833
894
  * Default value is `60`
@@ -836,7 +897,7 @@ Set the timeout, in seconds, for network operations and requests sent Elasticsea
836
897
  a timeout occurs, the request will be retried.
837
898
 
838
899
  [id="plugins-{type}s-{plugin}-truststore"]
839
- ===== `truststore`
900
+ ===== `truststore`
840
901
 
841
902
  * Value type is <<path,path>>
842
903
  * There is no default value for this setting.
@@ -846,7 +907,7 @@ It can be either .jks or .p12.
846
907
  Use either `:truststore` or `:cacert`.
847
908
 
848
909
  [id="plugins-{type}s-{plugin}-truststore_password"]
849
- ===== `truststore_password`
910
+ ===== `truststore_password`
850
911
 
851
912
  * Value type is <<password,password>>
852
913
  * There is no default value for this setting.
@@ -854,7 +915,7 @@ Use either `:truststore` or `:cacert`.
854
915
  Set the truststore password
855
916
 
856
917
  [id="plugins-{type}s-{plugin}-upsert"]
857
- ===== `upsert`
918
+ ===== `upsert`
858
919
 
859
920
  * Value type is <<string,string>>
860
921
  * Default value is `""`
@@ -863,7 +924,7 @@ Set upsert content for update mode.
863
924
  Create a new document with this parameter as json string if `document_id` doesn't exists
864
925
 
865
926
  [id="plugins-{type}s-{plugin}-user"]
866
- ===== `user`
927
+ ===== `user`
867
928
 
868
929
  * Value type is <<string,string>>
869
930
  * There is no default value for this setting.
@@ -871,7 +932,7 @@ Create a new document with this parameter as json string if `document_id` doesn'
871
932
  Username to authenticate to a secure Elasticsearch cluster
872
933
 
873
934
  [id="plugins-{type}s-{plugin}-validate_after_inactivity"]
874
- ===== `validate_after_inactivity`
935
+ ===== `validate_after_inactivity`
875
936
 
876
937
  * Value type is <<number,number>>
877
938
  * Default value is `10000`
@@ -886,7 +947,7 @@ have become stale (half-closed) while kept inactive in the pool.'
886
947
  See https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html#setValidateAfterInactivity(int)[these docs for more info]
887
948
 
888
949
  [id="plugins-{type}s-{plugin}-version"]
889
- ===== `version`
950
+ ===== `version`
890
951
 
891
952
  * Value type is <<string,string>>
892
953
  * There is no default value for this setting.
@@ -895,7 +956,7 @@ The version to use for indexing. Use sprintf syntax like `%{my_version}` to use
895
956
  See https://www.elastic.co/blog/elasticsearch-versioning-support.
896
957
 
897
958
  [id="plugins-{type}s-{plugin}-version_type"]
898
- ===== `version_type`
959
+ ===== `version_type`
899
960
 
900
961
  * Value can be any of: `internal`, `external`, `external_gt`, `external_gte`, `force`
901
962
  * There is no default value for this setting.