logstash-output-elasticsearch 11.22.0-java → 11.22.2-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/docs/index.asciidoc +46 -24
- data/lib/logstash/outputs/elasticsearch.rb +11 -7
- data/logstash-output-elasticsearch.gemspec +1 -1
- data/spec/unit/outputs/elasticsearch_spec.rb +26 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 011acede8b368a5fcf578665eacc4393b1d0bc531fc2f5c47814345826534d6f
|
|
4
|
+
data.tar.gz: 00b17bcff6d2100a03e801da6e4dff1c97d58adee514764c0c6c7a11588d2bd8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c01b55a7daa6609256624e44f2f05f5528adc114a928c150dae3a06f6596d8cc0473252b207b60bd0dbaaeb801e4f44bc1b8338900030d8acfa981ee4cc1807a
|
|
7
|
+
data.tar.gz: b422aca67422e08a8627f7b276f32d88ca0320823248bf89b6124eb2f205866718cbdc7f208b36ed595f6810737813c9ce291343885621622bd7cc7dbf427842
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## 11.22.2
|
|
2
|
+
- [DOC] Add content for sending data to Elasticsearch on serverless [#1164](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1164)
|
|
3
|
+
|
|
4
|
+
## 11.22.1
|
|
5
|
+
- Fix, avoid to populate `version` and `version_type` attributes when processing integration metadata and datastream is enabled. [#1161](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1161)
|
|
6
|
+
|
|
1
7
|
## 11.22.0
|
|
2
8
|
- Added support for propagating event processing metadata when this output is downstream of an Elastic Integration Filter and configured _without_ explicit `version`, `version_type`, or `routing` directives [#1158](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1158)
|
|
3
9
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -30,7 +30,7 @@ the website landing page or in the {ref}[Elasticsearch documentation].
|
|
|
30
30
|
|
|
31
31
|
.Compatibility Note
|
|
32
32
|
[NOTE]
|
|
33
|
-
|
|
33
|
+
=====
|
|
34
34
|
When connected to Elasticsearch 7.x, modern versions of this plugin
|
|
35
35
|
don't use the document-type when inserting documents, unless the user
|
|
36
36
|
explicitly sets <<plugins-{type}s-{plugin}-document_type>>.
|
|
@@ -42,9 +42,30 @@ picks up changes to the Elasticsearch index template.
|
|
|
42
42
|
If you are using a custom <<plugins-{type}s-{plugin}-template>>,
|
|
43
43
|
ensure your template uses the `_doc` document-type before
|
|
44
44
|
connecting to Elasticsearch 7.x.
|
|
45
|
-
|
|
45
|
+
=====
|
|
46
46
|
|
|
47
|
-
|
|
47
|
+
[id="plugins-{type}s-{plugin}-serverless"]
|
|
48
|
+
==== {ls} to {es-serverless}
|
|
49
|
+
|
|
50
|
+
You can use this plugin to send your {ls} data to {es-serverless}.
|
|
51
|
+
Some differences to note between {es-serverless} and self-managed {es}:
|
|
52
|
+
|
|
53
|
+
* Use *API keys* to access {serverless-full} from {ls}.
|
|
54
|
+
Any user-based security settings in your in your <<plugins-outputs-elasticsearch,{es} output plugin>> configuration are ignored and may cause errors.
|
|
55
|
+
* {es-serverless} uses *data streams* and {ref}/data-stream-lifecycle.html[{dlm} ({dlm-init})] instead of {ilm} ({ilm-init}).
|
|
56
|
+
Any {ilm-init} settings in your <<plugins-outputs-elasticsearch,{es} output plugin>> configuration are ignored and may cause errors.
|
|
57
|
+
* *{ls} monitoring* is available through the https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md[{ls} Integration] in {serverless-docs}/observability/what-is-observability-serverless[Elastic Observability] on {serverless-full}.
|
|
58
|
+
|
|
59
|
+
.Known issue for {ls} to {es-serverless}
|
|
60
|
+
****
|
|
61
|
+
The logstash-output-elasticsearch `hosts` setting on {serverless-short} defaults the port to 9200 when omitted.
|
|
62
|
+
Set the value to port :443 instead.
|
|
63
|
+
****
|
|
64
|
+
|
|
65
|
+
For more info on sending data from {ls} to {es-serverless}, check out the {serverless-docs}/elasticsearch/what-is-elasticsearch-serverless[{es-serverless} docs].
|
|
66
|
+
|
|
67
|
+
[id="plugins-{type}s-{plugin}-ess"]
|
|
68
|
+
==== Hosted {es} Service on Elastic Cloud
|
|
48
69
|
|
|
49
70
|
{ess-leadin}
|
|
50
71
|
|
|
@@ -68,8 +89,8 @@ and will correctly reject events with fields that conflict and cannot be coerced
|
|
|
68
89
|
The {es} output plugin can store both time series datasets (such
|
|
69
90
|
as logs, events, and metrics) and non-time series data in Elasticsearch.
|
|
70
91
|
|
|
71
|
-
|
|
72
|
-
as logs, metrics, and events) into {es}:
|
|
92
|
+
Use the data stream options for indexing time series datasets (such
|
|
93
|
+
as logs, metrics, and events) into {es} and {es-serverless}:
|
|
73
94
|
|
|
74
95
|
* <<plugins-{type}s-{plugin}-data_stream>>
|
|
75
96
|
* <<plugins-{type}s-{plugin}-data_stream_auto_routing>>
|
|
@@ -200,27 +221,28 @@ The list of error codes accepted for DLQ could be customized with <<plugins-{typ
|
|
|
200
221
|
but should be used only in motivated cases.
|
|
201
222
|
|
|
202
223
|
[id="plugins-{type}s-{plugin}-ilm"]
|
|
203
|
-
====
|
|
224
|
+
==== {ilm-cap} ({ilm-init})
|
|
204
225
|
|
|
205
226
|
[NOTE]
|
|
206
|
-
|
|
227
|
+
--
|
|
228
|
+
* The {ilm-cap} ({ilm-init}) feature does not apply for {es-serverless}.
|
|
229
|
+
Any {ilm-init} settings in your plugin configuration are ignored and may cause errors.
|
|
230
|
+
* The {ilm-init} feature requires plugin version `9.3.1` or higher.
|
|
231
|
+
* This feature requires an {es} instance of 6.6.0 or higher with at least a Basic license
|
|
232
|
+
--
|
|
207
233
|
|
|
208
|
-
[
|
|
209
|
-
This feature requires an Elasticsearch instance of 6.6.0 or higher with at least a Basic license
|
|
234
|
+
{ls} can use {ref}/index-lifecycle-management.html[{ilm}] to automate the management of indices over time.
|
|
210
235
|
|
|
211
|
-
|
|
212
|
-
Management] to automate the management of indices over time.
|
|
213
|
-
|
|
214
|
-
The use of Index Lifecycle Management is controlled by the `ilm_enabled`
|
|
236
|
+
The use of {ilm} is controlled by the `ilm_enabled`
|
|
215
237
|
setting. By default, this setting detects whether the Elasticsearch instance
|
|
216
|
-
supports
|
|
217
|
-
`true` or `false` to override the automatic detection, or disable
|
|
238
|
+
supports {ilm-init}, and uses it if it is available. `ilm_enabled` can also be set to
|
|
239
|
+
`true` or `false` to override the automatic detection, or disable {ilm-init}.
|
|
218
240
|
|
|
219
|
-
This will overwrite the index settings and adjust the
|
|
220
|
-
the necessary settings for the template to support
|
|
241
|
+
This will overwrite the index settings and adjust the {ls} template to write
|
|
242
|
+
the necessary settings for the template to support {ilm},
|
|
221
243
|
including the index policy and rollover alias to be used.
|
|
222
244
|
|
|
223
|
-
|
|
245
|
+
{ls} creates a rollover alias for the indices to be written to,
|
|
224
246
|
including a pattern for how the actual indices will be named, and unless an ILM
|
|
225
247
|
policy that already exists has been specified, a default policy will also be
|
|
226
248
|
created. The default policy is configured to rollover an index when it reaches
|
|
@@ -246,14 +268,14 @@ See config below for an example:
|
|
|
246
268
|
}
|
|
247
269
|
}
|
|
248
270
|
|
|
249
|
-
NOTE
|
|
250
|
-
|
|
251
|
-
|
|
271
|
+
[NOTE]
|
|
272
|
+
--
|
|
273
|
+
* Custom ILM policies must already exist on the {es} cluster before they can be used.
|
|
274
|
+
* If the rollover alias or pattern is modified, the index template will need to be
|
|
252
275
|
overwritten as the settings `index.lifecycle.name` and
|
|
253
276
|
`index.lifecycle.rollover_alias` are automatically written to the template
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
277
|
+
* If the index property is supplied in the output definition, it will be overwritten by the rollover alias.
|
|
278
|
+
--
|
|
257
279
|
|
|
258
280
|
==== Batch Sizes
|
|
259
281
|
|
|
@@ -499,6 +499,16 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
|
|
|
499
499
|
params[retry_on_conflict_action_name] = @retry_on_conflict
|
|
500
500
|
end
|
|
501
501
|
|
|
502
|
+
event_control = event.get("[@metadata][_ingest_document]")
|
|
503
|
+
event_version, event_version_type = event_control&.values_at("version", "version_type") rescue nil
|
|
504
|
+
|
|
505
|
+
resolved_version = resolve_version(event, event_version)
|
|
506
|
+
resolved_version_type = resolve_version_type(event, event_version_type)
|
|
507
|
+
|
|
508
|
+
# avoid to add nil valued key-value pairs
|
|
509
|
+
params[:version] = resolved_version unless resolved_version.nil?
|
|
510
|
+
params[:version_type] = resolved_version_type unless resolved_version_type.nil?
|
|
511
|
+
|
|
502
512
|
EventActionTuple.new(action, params, event)
|
|
503
513
|
end
|
|
504
514
|
|
|
@@ -538,7 +548,7 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
|
|
|
538
548
|
# @private shared event params factory between index and data_stream mode
|
|
539
549
|
def common_event_params(event)
|
|
540
550
|
event_control = event.get("[@metadata][_ingest_document]")
|
|
541
|
-
event_id, event_pipeline, event_index, event_routing
|
|
551
|
+
event_id, event_pipeline, event_index, event_routing = event_control&.values_at("id","pipeline","index", "routing") rescue nil
|
|
542
552
|
|
|
543
553
|
params = {
|
|
544
554
|
:_id => resolve_document_id(event, event_id),
|
|
@@ -554,12 +564,6 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
|
|
|
554
564
|
# }
|
|
555
565
|
params[:pipeline] = target_pipeline unless (target_pipeline.nil? || target_pipeline.empty?)
|
|
556
566
|
|
|
557
|
-
resolved_version = resolve_version(event, event_version)
|
|
558
|
-
resolved_version_type = resolve_version_type(event, event_version_type)
|
|
559
|
-
# avoid to add nil valued key-value pairs
|
|
560
|
-
params[:version] = resolved_version unless resolved_version.nil?
|
|
561
|
-
params[:version_type] = resolved_version_type unless resolved_version_type.nil?
|
|
562
|
-
|
|
563
567
|
params
|
|
564
568
|
end
|
|
565
569
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-output-elasticsearch'
|
|
3
|
-
s.version = '11.22.
|
|
3
|
+
s.version = '11.22.2'
|
|
4
4
|
s.licenses = ['apache-2.0']
|
|
5
5
|
s.summary = "Stores logs in Elasticsearch"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -297,8 +297,19 @@ describe LogStash::Outputs::ElasticSearch do
|
|
|
297
297
|
context "when the event contains an integration metadata version" do
|
|
298
298
|
let(:event) { LogStash::Event.new({"@metadata" => {"_ingest_document" => {"version" => "456"}}}) }
|
|
299
299
|
|
|
300
|
-
|
|
301
|
-
|
|
300
|
+
context "when datastream settings are NOT configured" do
|
|
301
|
+
it "event's metadata version is used" do
|
|
302
|
+
expect(subject.send(:event_action_tuple, event)[1]).to include(:version => "456")
|
|
303
|
+
end
|
|
304
|
+
end
|
|
305
|
+
|
|
306
|
+
context "when datastream settings are configured" do
|
|
307
|
+
# NOTE: we validate with datastream-specific `data_stream_event_action_tuple`
|
|
308
|
+
let(:event_fields) { super().merge({"data_stream" => {"type" => "logs", "dataset" => "generic", "namespace" => "default"}}) }
|
|
309
|
+
|
|
310
|
+
it "no version is used" do
|
|
311
|
+
expect(subject.send(:data_stream_event_action_tuple, event)[1]).to_not include(:version)
|
|
312
|
+
end
|
|
302
313
|
end
|
|
303
314
|
end
|
|
304
315
|
|
|
@@ -315,8 +326,19 @@ describe LogStash::Outputs::ElasticSearch do
|
|
|
315
326
|
context "when the event contains an integration metadata version_type" do
|
|
316
327
|
let(:event) { LogStash::Event.new({"@metadata" => {"_ingest_document" => {"version_type" => "external"}}}) }
|
|
317
328
|
|
|
318
|
-
|
|
319
|
-
|
|
329
|
+
context "when datastream settings are NOT configured" do
|
|
330
|
+
it "plugin's version_type is used" do
|
|
331
|
+
expect(subject.send(:event_action_tuple, event)[1]).to include(:version_type => "internal")
|
|
332
|
+
end
|
|
333
|
+
end
|
|
334
|
+
|
|
335
|
+
context "when datastream settings are configured" do
|
|
336
|
+
# NOTE: we validate with datastream-specific `data_stream_event_action_tuple`
|
|
337
|
+
let(:event_fields) { super().merge({"data_stream" => {"type" => "logs", "dataset" => "generic", "namespace" => "default"}}) }
|
|
338
|
+
|
|
339
|
+
it "no version_type is used" do
|
|
340
|
+
expect(subject.send(:data_stream_event_action_tuple, event)[1]).to_not include(:version_type)
|
|
341
|
+
end
|
|
320
342
|
end
|
|
321
343
|
end
|
|
322
344
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-output-elasticsearch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 11.22.
|
|
4
|
+
version: 11.22.2
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-12-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|