logstash-output-elasticsearch 10.5.1-java → 10.7.3-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cefa6633e4a89765721857efffd49144e84f4fd76a2b6625664478076f4623bd
-  data.tar.gz: d774499e956fdf0a2920a27e38830f47f7b479f313666874d447319db8736de6
+  metadata.gz: 800beb4697a44f1c41a41490b627b5b6dd192c695a818b33118e778a0fde7902
+  data.tar.gz: 380591f1e759722fac05fbc8893113ad0821cb9878e5257a9da8dc90f9a4fd09
 SHA512:
-  metadata.gz: 142fdc58605911159a51bdd825bdb22e78f182a61084babc31f6827bf5965aea00dbfb6c9b5c58d55f26e6a9b09ca32b2b48e5a39b887afd400e3793f0d6044c
-  data.tar.gz: 3d98fa8506b2bba7a631f536e025aa5f6f3c50da862ee53509136df3430ce685f0d5adfefcd8bc14a97fdde874bd8e3e220842beaa8772663324e9a7571c145c
+  metadata.gz: 895bdaa0f45d48396b594df34545174a7788eb7647df0fc6cad58ab162950c399319d0c462d97a49133368a88731e3548e4ef508dc7115fd448ebd75b7da6d47
+  data.tar.gz: 96feefdd53810337a249cb4412296515ff049a6a07c0a81c81fc23b4152bd0061f3d7fd3cec7956eb0abb07636c3b78c1dbb16daf1040a77e359dc771f79d67d

data/CHANGELOG.md

@@ -1,3 +1,25 @@
+## 10.7.3
+ - Added composable index template support for elasticsearch version 8 [#980](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/980)
+
+## 10.7.2
+ - [DOC] Fixed links to restructured Logstash-to-cloud docs [#975](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/975)
+
+## 10.7.1
+ - [DOC] Document the permissions required in secured clusters [#969](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/969)
+  
+## 10.7.0
+ - Changed: don't set the pipeline parameter if the value resolves to an empty string [#962](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/962)
+
+## 10.6.2
+ - [DOC] Added clarifying info on http compression settings and behaviors [#943](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/943)
+ - [DOC] Fixed entry for ilm_policy default value[#956](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/956)
+
+## 10.6.1
+ - Fixed an issue introduced in 10.6.0 that broke Logstash Core's monitoring feature when this plugin is run in Logstash 7.7-7.8. [#953](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/953)
+
+## 10.6.0
+ - Added `ecs_compatiblity` mode, for managing ECS-compatable templates [#952](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/952)
+
 ## 10.5.1
   - [DOC] Removed outdated compatibility notices, reworked cloud notice, and fixed formatting for `hosts` examples [#938](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/938)
 

data/CONTRIBUTORS

@@ -26,6 +26,7 @@ Contributors:
 * Tom Hodder (tolland)
 * jimmyjones2
 * Gabriel Moskovicz (gmoskovicz)
+* Luca Belluccini (lucabelluccini)
 
 Note: If you've sent us patches, bug reports, or otherwise contributed to
 Logstash, and you aren't on the list above and want to be, please let us know

data/docs/index.asciidoc

@@ -23,14 +23,14 @@ include::{include_path}/plugin_header.asciidoc[]
 
 If you plan to use the Kibana web interface to analyze data transformed by
 Logstash, use the Elasticsearch output plugin to get your data into
-Elasticsearch. 
+Elasticsearch.
 
 This output only speaks the HTTP protocol as it is the preferred protocol for
 interacting with Elasticsearch. In previous versions it was possible to
 communicate with Elasticsearch through the transport protocol, which is now
 reserved for internal cluster communication between nodes
 https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html[communication between nodes].
-Using the https://www.elastic.co/guide/en/elasticsearch/reference/current/java-clients.html[transport protocol] 
+Using the https://www.elastic.co/guide/en/elasticsearch/reference/current/java-clients.html[transport protocol]
 to communicate with the cluster has been deprecated in Elasticsearch 7.0.0 and
 will be removed in 8.0.0
 
@@ -53,16 +53,27 @@ connecting to Elasticsearch 7.x.
 
 ===== Hosted {es} Service on Elastic Cloud
 
-You can run Elasticsearch on your own hardware, or use our
-https://www.elastic.co/cloud/elasticsearch-service[hosted {es} Service] on
-Elastic Cloud. The Elasticsearch Service is available on AWS, Google Cloud
-Platform, and Microsoft Azure. {ess-trial}[Try the {es} Service for free].
+{ess-leadin}
+
+==== Compatibility with the Elastic Common Schema (ECS)
+
+This plugin will persist events to Elasticsearch in the shape produced by
+your pipeline, and _cannot_ be used to re-shape the event structure into a
+shape that complies with ECS. To produce events that fully comply with ECS,
+you will need to populate ECS-defined fields throughout your pipeline
+definition.
+
+However, the Elasticsearch Index Templates it manages can be configured to
+be ECS-compatible by setting <<plugins-{type}s-{plugin}-ecs_compatibility>>.
+By having an ECS-compatible template in place, we can ensure that Elasticsearch
+is prepared to create and index fields in a way that is compatible with ECS,
+and will correctly reject events with fields that conflict and cannot be coerced.
 
 ==== Writing to different indices: best practices
 
 [NOTE]
 ================================================================================
-You cannot use dynamic variable substitution when `ilm_enabled` is `true` and 
+You cannot use dynamic variable substitution when `ilm_enabled` is `true` and
 when using `ilm_rollover_alias`.
 
 ================================================================================
@@ -77,7 +88,10 @@ Each Elasticsearch output is a new client connected to the cluster:
  * it has to initialize the client and connect to Elasticsearch (restart time is longer if you have more clients)
  * it has an associated connection pool
 
-In order to minimize the number of open connections to Elasticsearch, maximize the bulk size and reduce the number of "small" bulk requests (which could easily fill up the queue), it is usually more efficient to have a single Elasticsearch output.
+In order to minimize the number of open connections to Elasticsearch, maximize
+the bulk size and reduce the number of "small" bulk requests (which could easily
+fill up the queue), it is usually more efficient to have a single Elasticsearch
+output.
 
 Example:
 [source,ruby]
@@ -86,11 +100,14 @@ Example:
         index => "%{[some_field][sub_field]}-%{+YYYY.MM.dd}"
       }
     }
- 
+
 **What to do in case there is no field in the event containing the destination index prefix?**
 
-You can use the `mutate` filter and conditionals to add a `[@metadata]` field (see https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#metadata) to set
-the destination index for each event. The `[@metadata]` fields will not be sent to Elasticsearch.
+You can use the `mutate` filter and conditionals to add a `[@metadata]` field
+(see
+https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#metadata)
+to set the destination index for each event. The `[@metadata]` fields will not
+be sent to Elasticsearch.
 
 Example:
 [source,ruby]
@@ -122,7 +139,7 @@ HTTP requests to the bulk API are expected to return a 200 response code. All ot
 The following document errors are handled as follows:
 
   * 400 and 404 errors are sent to the dead letter queue (DLQ), if enabled. If a DLQ is not enabled, a log message will be emitted, and the event will be dropped. See <<plugins-{type}s-{plugin}-dlq-policy>> for more info.
-  * 409 errors (conflict) are logged as a warning and dropped. 
+  * 409 errors (conflict) are logged as a warning and dropped.
 
 Note that 409 exceptions are no longer retried. Please set a higher `retry_on_conflict` value if you experience 409 exceptions.
 It is more performant for Elasticsearch to retry these exceptions than this plugin.
@@ -204,18 +221,29 @@ not reevaluate its DNS value while the keepalive is in effect.
 
 ==== HTTP Compression
 
-This plugin supports request and response compression. Response compression is enabled by default and 
-for Elasticsearch versions 5.0 and later, the user doesn't have to set any configs in Elasticsearch for 
-it to send back compressed response. For versions before 5.0, `http.compression` must be set to `true` https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#modules-http[in 
-Elasticsearch] to take advantage of response compression when using this plugin
+This plugin supports request and response compression. Response compression is
+enabled by default for HTTP and for Elasticsearch versions 5.0 and later.
 
-For requests compression, regardless of the Elasticsearch version, users have to enable `http_compression` 
-setting in their Logstash config file.
+You don't have to set any configs in Elasticsearch for it to send back a
+compressed response. For versions before 5.0, or if HTTPS is enabled,
+`http.compression` must be set to `true`
+https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-http.html#modules-http[in
+Elasticsearch] to take advantage of response compression when using this plugin.
+
+For requests compression, regardless of the Elasticsearch version, enable the
+`http_compression` setting in the Logstash config file.
 
 ==== Authentication
 
 Authentication to a secure Elasticsearch cluster is possible using one of the `user`/`password`, `cloud_auth` or `api_key` options.
 
+[id="plugins-{type}s-{plugin}-autz"]
+==== Authorization
+
+Authorization to a secure Elasticsearch cluster requires `read` permission at index level and `monitoring` permissions at cluster level.
+The `monitoring` permission at cluster level is necessary to perform periodic connectivity checks.
+
+
 [id="plugins-{type}s-{plugin}-options"]
 ==== Elasticsearch Output Configuration Options
 
@@ -234,6 +262,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-doc_as_upsert>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-document_id>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-document_type>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
 | <<plugins-{type}s-{plugin}-failure_type_logging_whitelist>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-healthcheck_path>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-hosts>> |<<uri,uri>>|No
@@ -288,7 +317,7 @@ output plugins.
 &nbsp;
 
 [id="plugins-{type}s-{plugin}-action"]
-===== `action` 
+===== `action`
 
   * Value type is <<string,string>>
   * Default value is `"index"`
@@ -319,7 +348,7 @@ Authenticate using Elasticsearch API key. Note that this option also requires en
 Format is `id:api_key` where `id` and `api_key` are as returned by the Elasticsearch https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html[Create API key API].
 
 [id="plugins-{type}s-{plugin}-bulk_path"]
-===== `bulk_path` 
+===== `bulk_path`
 
   * Value type is <<string,string>>
   * There is no default value for this setting.
@@ -328,7 +357,7 @@ HTTP Path to perform the _bulk requests to
 this defaults to a concatenation of the path parameter and "_bulk"
 
 [id="plugins-{type}s-{plugin}-cacert"]
-===== `cacert` 
+===== `cacert`
 
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -343,7 +372,7 @@ The .cer or .pem file to validate the server's certificate
 
 Cloud authentication string ("<username>:<password>" format) is an alternative for the `user`/`password` pair.
 
-For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html#_cloud_auth[Logstash-to-Cloud documentation]
+For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html[Logstash-to-Cloud documentation]
 
 [id="plugins-{type}s-{plugin}-cloud_id"]
 ===== `cloud_id`
@@ -353,10 +382,10 @@ For more details, check out the https://www.elastic.co/guide/en/logstash/current
 
 Cloud ID, from the Elastic Cloud web console. If set `hosts` should not be used.
 
-For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html#_cloud_id[Logstash-to-Cloud documentation]
+For more details, check out the https://www.elastic.co/guide/en/logstash/current/connecting-to-cloud.html[Logstash-to-Cloud documentation]
 
 [id="plugins-{type}s-{plugin}-doc_as_upsert"]
-===== `doc_as_upsert` 
+===== `doc_as_upsert`
 
   * Value type is <<boolean,boolean>>
   * Default value is `false`
@@ -365,7 +394,7 @@ Enable `doc_as_upsert` for update mode.
 Create a new document with source if `document_id` doesn't exist in Elasticsearch
 
 [id="plugins-{type}s-{plugin}-document_id"]
-===== `document_id` 
+===== `document_id`
 
   * Value type is <<string,string>>
   * There is no default value for this setting.
@@ -373,7 +402,7 @@ Create a new document with source if `document_id` doesn't exist in Elasticsearc
 The document ID for the index. Useful for overwriting existing entries in Elasticsearch with the same ID.
 
 [id="plugins-{type}s-{plugin}-document_type"]
-===== `document_type` 
+===== `document_type`
 
   * Value type is <<string,string>>
   * There is no default value for this setting.
@@ -393,8 +422,27 @@ If you don't set a value for this option:
 - for elasticsearch clusters 6.x: the value of 'doc' will be used;
 - for elasticsearch clusters 5.x and below: the event's 'type' field will be used, if the field is not present the value of 'doc' will be used.
 
+[id="plugins-{type}s-{plugin}-ecs_compatibility"]
+===== `ecs_compatibility`
+
+* Value type is <<string,string>>
+* Supported values are:
+** `disabled`: does not provide ECS-compatible templates
+** `v1`: provides defaults that are compatible with v1 of the Elastic Common Schema
+* Default value depends on which version of Logstash is running:
+** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
+** Otherwise, the default value is `disabled`.
+
+Controls this plugin's compatibility with the https://www.elastic.co/guide/en/ecs/current/index.html[Elastic Common Schema (ECS)],
+including the installation of ECS-compatible index templates.
+The value of this setting affects the _default_ values of:
+
+* <<plugins-{type}s-{plugin}-index>>
+* <<plugins-{type}s-{plugin}-template_name>>
+* <<plugins-{type}s-{plugin}-ilm_rollover_alias>>
+
 [id="plugins-{type}s-{plugin}-failure_type_logging_whitelist"]
-===== `failure_type_logging_whitelist` 
+===== `failure_type_logging_whitelist`
 
   * Value type is <<array,array>>
   * Default value is `[]`
@@ -415,7 +463,7 @@ an elasticsearch node. The headers will be used for any kind of request
 These custom headers will be overidden by settings like `http_compression`.
 
 [id="plugins-{type}s-{plugin}-healthcheck_path"]
-===== `healthcheck_path` 
+===== `healthcheck_path`
 
   * Value type is <<string,string>>
   * There is no default value for this setting.
@@ -426,7 +474,7 @@ before it is once again eligible to service requests.
 If you have custom firewall rules you may need to change this
 
 [id="plugins-{type}s-{plugin}-hosts"]
-===== `hosts` 
+===== `hosts`
 
   * Value type is <<uri,uri>>
   * Default value is `[//127.0.0.1]`
@@ -442,13 +490,17 @@ Examples:
     `["https://127.0.0.1:9200"]`
     `["https://127.0.0.1:9200/mypath"]` (If using a proxy on a subpath)
 
-It is important to exclude http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[dedicated master nodes] from the `hosts` list
-to prevent LS from sending bulk requests to the master nodes.  So this parameter should only reference either data or client nodes in Elasticsearch.
+Exclude
+http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[dedicated
+master nodes] from the `hosts` list to prevent Logstash from sending bulk
+requests to the master nodes. This parameter should reference only data or
+client nodes in Elasticsearch.
 
-Any special characters present in the URLs here MUST be URL escaped! This means `#` should be put in as `%23` for instance.
+Any special characters present in the URLs here MUST be URL escaped! This means
+`#` should be put in as `%23` for instance.
 
 [id="plugins-{type}s-{plugin}-http_compression"]
-===== `http_compression` 
+===== `http_compression`
 
   * Value type is <<boolean,boolean>>
   * Default value is `false`
@@ -485,11 +537,14 @@ NOTE: Updating the pattern will require the index template to be rewritten
 
 NOTE: The pattern must finish with a dash and a number that will be automatically incremented when indices rollover.
 
+NOTE: The pattern is a 6-digit string padded by zeros, regardless of prior index name. Example: 000001.
+See {ref}/indices-rollover-index.html#rollover-index-api-path-params[Rollover path parameters API docs] for details.
+
 [id="plugins-{type}s-{plugin}-ilm_policy"]
 ===== `ilm_policy`
 
   * Value type is <<string,string>>
-  * Default value is `logstash`
+  * Default value is `logstash-policy`
 
 Modify this setting to use a custom Index Lifecycle Management policy, rather than the default. If this value is not set, the default policy will
 be automatically installed into Elasticsearch
@@ -500,7 +555,9 @@ NOTE: If this setting is specified, the policy must already exist in Elasticsear
 ===== `ilm_rollover_alias`
 
   * Value type is <<string,string>>
-  * Default value is `logstash`
+  * Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled:
+  ** ECS Compatibility disabled: `logstash`
+  ** ECS Compatibility enabled: `ecs-logstash`
 
 The rollover alias is the alias where indices managed using Index Lifecycle Management will be written to.
 
@@ -511,10 +568,12 @@ NOTE: Updating the rollover alias will require the index template to be rewritte
 NOTE: `ilm_rollover_alias` does NOT support dynamic variable substitution as `index` does.
 
 [id="plugins-{type}s-{plugin}-index"]
-===== `index` 
+===== `index`
 
   * Value type is <<string,string>>
-  * Default value is `"logstash-%{+yyyy.MM.dd}"`
+  * Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled:
+  ** ECS Compatibility disabled: `"logstash-%{+yyyy.MM.dd}"`
+  ** ECS Compatibility enabled: `"ecs-logstash-%{+yyyy.MM.dd}"`
 
 The index to write events to. This can be dynamic using the `%{foo}` syntax.
 The default value will partition your indices by day so you can more easily
@@ -525,7 +584,7 @@ LS uses Joda to format the index pattern from event timestamp.
 Joda formats are defined http://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html[here].
 
 [id="plugins-{type}s-{plugin}-keystore"]
-===== `keystore` 
+===== `keystore`
 
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -534,7 +593,7 @@ The keystore used to present a certificate to the server.
 It can be either .jks or .p12
 
 [id="plugins-{type}s-{plugin}-keystore_password"]
-===== `keystore_password` 
+===== `keystore_password`
 
   * Value type is <<password,password>>
   * There is no default value for this setting.
@@ -542,13 +601,14 @@ It can be either .jks or .p12
 Set the keystore password
 
 [id="plugins-{type}s-{plugin}-manage_template"]
-===== `manage_template` 
+===== `manage_template`
 
   * Value type is <<boolean,boolean>>
   * Default value is `true`
 
 From Logstash 1.3 onwards, a template is applied to Elasticsearch during
-Logstash's startup if one with the name `template_name` does not already exist.
+Logstash's startup if one with the name <<plugins-{type}s-{plugin}-template_name>>
+does not already exist.
 By default, the contents of this template is the default template for
 `logstash-%{+YYYY.MM.dd}` which always matches indices based on the pattern
 `logstash-*`.  Should you require support for other index names, or would like
@@ -561,7 +621,7 @@ field names) you should set `manage_template` to false and use the REST
 API to apply your templates manually.
 
 [id="plugins-{type}s-{plugin}-parameters"]
-===== `parameters` 
+===== `parameters`
 
   * Value type is <<hash,hash>>
   * There is no default value for this setting.
@@ -571,7 +631,7 @@ to every host listed in the 'hosts' configuration. If the 'hosts' list contains
 urls that already have query strings, the one specified here will be appended.
 
 [id="plugins-{type}s-{plugin}-parent"]
-===== `parent` 
+===== `parent`
 
   * Value type is <<string,string>>
   * Default value is `nil`
@@ -580,7 +640,7 @@ For child documents, ID of the associated parent.
 This can be dynamic using the `%{foo}` syntax.
 
 [id="plugins-{type}s-{plugin}-password"]
-===== `password` 
+===== `password`
 
   * Value type is <<password,password>>
   * There is no default value for this setting.
@@ -588,7 +648,7 @@ This can be dynamic using the `%{foo}` syntax.
 Password to authenticate to a secure Elasticsearch cluster
 
 [id="plugins-{type}s-{plugin}-path"]
-===== `path` 
+===== `path`
 
   * Value type is <<string,string>>
   * There is no default value for this setting.
@@ -599,16 +659,16 @@ Note that if you use paths as components of URLs in the 'hosts' field you may
 not also set this field. That will raise an error at startup
 
 [id="plugins-{type}s-{plugin}-pipeline"]
-===== `pipeline` 
+===== `pipeline`
 
   * Value type is <<string,string>>
   * Default value is `nil`
 
-Set which ingest pipeline you wish to execute for an event. You can also use event dependent configuration
-here like `pipeline => "%{INGEST_PIPELINE}"`
+Set which ingest pipeline you wish to execute for an event. You can also use event dependent configuration here
+like `pipeline => "%{[@metadata][pipeline]}"`. The pipeline parameter won't be set if the value resolves to empty string ("").
 
 [id="plugins-{type}s-{plugin}-pool_max"]
-===== `pool_max` 
+===== `pool_max`
 
   * Value type is <<number,number>>
   * Default value is `1000`
@@ -619,7 +679,7 @@ Setting this too low may mean frequently closing / opening connections
 which is bad.
 
 [id="plugins-{type}s-{plugin}-pool_max_per_route"]
-===== `pool_max_per_route` 
+===== `pool_max_per_route`
 
   * Value type is <<number,number>>
   * Default value is `100`
@@ -630,7 +690,7 @@ Setting this too low may mean frequently closing / opening connections
 which is bad.
 
 [id="plugins-{type}s-{plugin}-proxy"]
-===== `proxy` 
+===== `proxy`
 
   * Value type is <<uri,uri>>
   * There is no default value for this setting.
@@ -641,7 +701,7 @@ An empty string is treated as if proxy was not set. This is useful when using
 environment variables e.g. `proxy => '${LS_PROXY:}'`.
 
 [id="plugins-{type}s-{plugin}-resurrect_delay"]
-===== `resurrect_delay` 
+===== `resurrect_delay`
 
   * Value type is <<number,number>>
   * Default value is `5`
@@ -651,7 +711,7 @@ Resurrection is the process by which backend endpoints marked 'down' are checked
 to see if they have come back to life
 
 [id="plugins-{type}s-{plugin}-retry_initial_interval"]
-===== `retry_initial_interval` 
+===== `retry_initial_interval`
 
   * Value type is <<number,number>>
   * Default value is `2`
@@ -659,7 +719,7 @@ to see if they have come back to life
 Set initial interval in seconds between bulk retries. Doubled on each retry up to `retry_max_interval`
 
 [id="plugins-{type}s-{plugin}-retry_max_interval"]
-===== `retry_max_interval` 
+===== `retry_max_interval`
 
   * Value type is <<number,number>>
   * Default value is `64`
@@ -667,17 +727,15 @@ Set initial interval in seconds between bulk retries. Doubled on each retry up t
 Set max interval in seconds between bulk retries.
 
 [id="plugins-{type}s-{plugin}-retry_on_conflict"]
-===== `retry_on_conflict` 
+===== `retry_on_conflict`
 
   * Value type is <<number,number>>
   * Default value is `1`
 
-The number of times Elasticsearch should internally retry an update/upserted document
-See the https://www.elastic.co/guide/en/elasticsearch/guide/current/partial-updates.html[partial updates]
-for more info
+The number of times Elasticsearch should internally retry an update/upserted document.
 
 [id="plugins-{type}s-{plugin}-routing"]
-===== `routing` 
+===== `routing`
 
   * Value type is <<string,string>>
   * There is no default value for this setting.
@@ -686,7 +744,7 @@ A routing override to be applied to all processed events.
 This can be dynamic using the `%{foo}` syntax.
 
 [id="plugins-{type}s-{plugin}-script"]
-===== `script` 
+===== `script`
 
   * Value type is <<string,string>>
   * Default value is `""`
@@ -702,7 +760,7 @@ Example:
     }
 
 [id="plugins-{type}s-{plugin}-script_lang"]
-===== `script_lang` 
+===== `script_lang`
 
   * Value type is <<string,string>>
   * Default value is `"painless"`
@@ -711,7 +769,7 @@ Set the language of the used script. If not set, this defaults to painless in ES
 When using indexed (stored) scripts on Elasticsearch 6 and higher, you must set this parameter to `""` (empty string).
 
 [id="plugins-{type}s-{plugin}-script_type"]
-===== `script_type` 
+===== `script_type`
 
   * Value can be any of: `inline`, `indexed`, `file`
   * Default value is `["inline"]`
@@ -722,7 +780,7 @@ Define the type of script referenced by "script" variable
  file    : "script" contains the name of script stored in elasticsearch's config directory
 
 [id="plugins-{type}s-{plugin}-script_var_name"]
-===== `script_var_name` 
+===== `script_var_name`
 
   * Value type is <<string,string>>
   * Default value is `"event"`
@@ -730,7 +788,7 @@ Define the type of script referenced by "script" variable
 Set variable name passed to script (scripted update)
 
 [id="plugins-{type}s-{plugin}-scripted_upsert"]
-===== `scripted_upsert` 
+===== `scripted_upsert`
 
   * Value type is <<boolean,boolean>>
   * Default value is `false`
@@ -738,7 +796,7 @@ Set variable name passed to script (scripted update)
 if enabled, script is in charge of creating non-existent document (scripted update)
 
 [id="plugins-{type}s-{plugin}-sniffing"]
-===== `sniffing` 
+===== `sniffing`
 
   * Value type is <<boolean,boolean>>
   * Default value is `false`
@@ -748,7 +806,7 @@ For Elasticsearch 1.x and 2.x any nodes with `http.enabled` (on by default) will
 For Elasticsearch 5.x and 6.x any nodes with `http.enabled` (on by default) will be added to the hosts list, excluding master-only nodes.
 
 [id="plugins-{type}s-{plugin}-sniffing_delay"]
-===== `sniffing_delay` 
+===== `sniffing_delay`
 
   * Value type is <<number,number>>
   * Default value is `5`
@@ -756,7 +814,7 @@ For Elasticsearch 5.x and 6.x any nodes with `http.enabled` (on by default) will
 How long to wait, in seconds, between sniffing attempts
 
 [id="plugins-{type}s-{plugin}-sniffing_path"]
-===== `sniffing_path` 
+===== `sniffing_path`
 
   * Value type is <<string,string>>
   * There is no default value for this setting.
@@ -767,7 +825,7 @@ if sniffing_path is set it will be used as an absolute path
 do not use full URL here, only paths, e.g. "/sniff/_nodes/http"
 
 [id="plugins-{type}s-{plugin}-ssl"]
-===== `ssl` 
+===== `ssl`
 
   * Value type is <<boolean,boolean>>
   * There is no default value for this setting.
@@ -777,7 +835,7 @@ is specified in the URLs listed in 'hosts'. If no explicit protocol is specified
 If SSL is explicitly disabled here the plugin will refuse to start if an HTTPS URL is given in 'hosts'
 
 [id="plugins-{type}s-{plugin}-ssl_certificate_verification"]
-===== `ssl_certificate_verification` 
+===== `ssl_certificate_verification`
 
   * Value type is <<boolean,boolean>>
   * Default value is `true`
@@ -787,7 +845,7 @@ For more information on disabling certificate verification please read
 https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
 
 [id="plugins-{type}s-{plugin}-template"]
-===== `template` 
+===== `template`
 
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -796,10 +854,13 @@ You can set the path to your own template here, if you so desire.
 If not set, the included template will be used.
 
 [id="plugins-{type}s-{plugin}-template_name"]
-===== `template_name` 
+===== `template_name`
 
   * Value type is <<string,string>>
-  * Default value is `"logstash"`
+  * Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled:
+  ** ECS Compatibility disabled: `logstash`
+  ** ECS Compatibility enabled: `ecs-logstash`
+
 
 This configuration option defines how the template is named inside Elasticsearch.
 Note that if you have used the template management features and subsequently
@@ -810,7 +871,7 @@ change this, you will need to prune the old template manually, e.g.
 where `OldTemplateName` is whatever the former setting was.
 
 [id="plugins-{type}s-{plugin}-template_overwrite"]
-===== `template_overwrite` 
+===== `template_overwrite`
 
   * Value type is <<boolean,boolean>>
   * Default value is `false`
@@ -827,7 +888,7 @@ template (logstash), setting this to true will make Logstash to overwrite
 the "logstash" template (i.e. removing all customized settings)
 
 [id="plugins-{type}s-{plugin}-timeout"]
-===== `timeout` 
+===== `timeout`
 
   * Value type is <<number,number>>
   * Default value is `60`
@@ -836,7 +897,7 @@ Set the timeout, in seconds, for network operations and requests sent Elasticsea
 a timeout occurs, the request will be retried.
 
 [id="plugins-{type}s-{plugin}-truststore"]
-===== `truststore` 
+===== `truststore`
 
   * Value type is <<path,path>>
   * There is no default value for this setting.
@@ -846,7 +907,7 @@ It can be either .jks or .p12.
 Use either `:truststore` or `:cacert`.
 
 [id="plugins-{type}s-{plugin}-truststore_password"]
-===== `truststore_password` 
+===== `truststore_password`
 
   * Value type is <<password,password>>
   * There is no default value for this setting.
@@ -854,7 +915,7 @@ Use either `:truststore` or `:cacert`.
 Set the truststore password
 
 [id="plugins-{type}s-{plugin}-upsert"]
-===== `upsert` 
+===== `upsert`
 
   * Value type is <<string,string>>
   * Default value is `""`
@@ -863,7 +924,7 @@ Set upsert content for update mode.
 Create a new document with this parameter as json string if `document_id` doesn't exists
 
 [id="plugins-{type}s-{plugin}-user"]
-===== `user` 
+===== `user`
 
   * Value type is <<string,string>>
   * There is no default value for this setting.
@@ -871,7 +932,7 @@ Create a new document with this parameter as json string if `document_id` doesn'
 Username to authenticate to a secure Elasticsearch cluster
 
 [id="plugins-{type}s-{plugin}-validate_after_inactivity"]
-===== `validate_after_inactivity` 
+===== `validate_after_inactivity`
 
   * Value type is <<number,number>>
   * Default value is `10000`
@@ -886,7 +947,7 @@ have become stale (half-closed) while kept inactive in the pool.'
 See https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html#setValidateAfterInactivity(int)[these docs for more info]
 
 [id="plugins-{type}s-{plugin}-version"]
-===== `version` 
+===== `version`
 
   * Value type is <<string,string>>
   * There is no default value for this setting.
@@ -895,7 +956,7 @@ The version to use for indexing. Use sprintf syntax like `%{my_version}` to use
 See https://www.elastic.co/blog/elasticsearch-versioning-support.
 
 [id="plugins-{type}s-{plugin}-version_type"]
-===== `version_type` 
+===== `version_type`
 
   * Value can be any of: `internal`, `external`, `external_gt`, `external_gte`, `force`
   * There is no default value for this setting.