logstash-output-elasticsearch 11.22.0-java → 11.22.2-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/docs/index.asciidoc +46 -24
- data/lib/logstash/outputs/elasticsearch.rb +11 -7
- data/logstash-output-elasticsearch.gemspec +1 -1
- data/spec/unit/outputs/elasticsearch_spec.rb +26 -4
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 011acede8b368a5fcf578665eacc4393b1d0bc531fc2f5c47814345826534d6f
|
|
4
|
+
data.tar.gz: 00b17bcff6d2100a03e801da6e4dff1c97d58adee514764c0c6c7a11588d2bd8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c01b55a7daa6609256624e44f2f05f5528adc114a928c150dae3a06f6596d8cc0473252b207b60bd0dbaaeb801e4f44bc1b8338900030d8acfa981ee4cc1807a
|
|
7
|
+
data.tar.gz: b422aca67422e08a8627f7b276f32d88ca0320823248bf89b6124eb2f205866718cbdc7f208b36ed595f6810737813c9ce291343885621622bd7cc7dbf427842
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
## 11.22.2
|
|
2
|
+
- [DOC] Add content for sending data to Elasticsearch on serverless [#1164](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1164)
|
|
3
|
+
|
|
4
|
+
## 11.22.1
|
|
5
|
+
- Fix, avoid to populate `version` and `version_type` attributes when processing integration metadata and datastream is enabled. [#1161](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1161)
|
|
6
|
+
|
|
1
7
|
## 11.22.0
|
|
2
8
|
- Added support for propagating event processing metadata when this output is downstream of an Elastic Integration Filter and configured _without_ explicit `version`, `version_type`, or `routing` directives [#1158](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1158)
|
|
3
9
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -30,7 +30,7 @@ the website landing page or in the {ref}[Elasticsearch documentation].
|
|
|
30
30
|
|
|
31
31
|
.Compatibility Note
|
|
32
32
|
[NOTE]
|
|
33
|
-
|
|
33
|
+
=====
|
|
34
34
|
When connected to Elasticsearch 7.x, modern versions of this plugin
|
|
35
35
|
don't use the document-type when inserting documents, unless the user
|
|
36
36
|
explicitly sets <<plugins-{type}s-{plugin}-document_type>>.
|
|
@@ -42,9 +42,30 @@ picks up changes to the Elasticsearch index template.
|
|
|
42
42
|
If you are using a custom <<plugins-{type}s-{plugin}-template>>,
|
|
43
43
|
ensure your template uses the `_doc` document-type before
|
|
44
44
|
connecting to Elasticsearch 7.x.
|
|
45
|
-
|
|
45
|
+
=====
|
|
46
46
|
|
|
47
|
-
|
|
47
|
+
[id="plugins-{type}s-{plugin}-serverless"]
|
|
48
|
+
==== {ls} to {es-serverless}
|
|
49
|
+
|
|
50
|
+
You can use this plugin to send your {ls} data to {es-serverless}.
|
|
51
|
+
Some differences to note between {es-serverless} and self-managed {es}:
|
|
52
|
+
|
|
53
|
+
* Use *API keys* to access {serverless-full} from {ls}.
|
|
54
|
+
Any user-based security settings in your in your <<plugins-outputs-elasticsearch,{es} output plugin>> configuration are ignored and may cause errors.
|
|
55
|
+
* {es-serverless} uses *data streams* and {ref}/data-stream-lifecycle.html[{dlm} ({dlm-init})] instead of {ilm} ({ilm-init}).
|
|
56
|
+
Any {ilm-init} settings in your <<plugins-outputs-elasticsearch,{es} output plugin>> configuration are ignored and may cause errors.
|
|
57
|
+
* *{ls} monitoring* is available through the https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md[{ls} Integration] in {serverless-docs}/observability/what-is-observability-serverless[Elastic Observability] on {serverless-full}.
|
|
58
|
+
|
|
59
|
+
.Known issue for {ls} to {es-serverless}
|
|
60
|
+
****
|
|
61
|
+
The logstash-output-elasticsearch `hosts` setting on {serverless-short} defaults the port to 9200 when omitted.
|
|
62
|
+
Set the value to port :443 instead.
|
|
63
|
+
****
|
|
64
|
+
|
|
65
|
+
For more info on sending data from {ls} to {es-serverless}, check out the {serverless-docs}/elasticsearch/what-is-elasticsearch-serverless[{es-serverless} docs].
|
|
66
|
+
|
|
67
|
+
[id="plugins-{type}s-{plugin}-ess"]
|
|
68
|
+
==== Hosted {es} Service on Elastic Cloud
|
|
48
69
|
|
|
49
70
|
{ess-leadin}
|
|
50
71
|
|
|
@@ -68,8 +89,8 @@ and will correctly reject events with fields that conflict and cannot be coerced
|
|
|
68
89
|
The {es} output plugin can store both time series datasets (such
|
|
69
90
|
as logs, events, and metrics) and non-time series data in Elasticsearch.
|
|
70
91
|
|
|
71
|
-
|
|
72
|
-
as logs, metrics, and events) into {es}:
|
|
92
|
+
Use the data stream options for indexing time series datasets (such
|
|
93
|
+
as logs, metrics, and events) into {es} and {es-serverless}:
|
|
73
94
|
|
|
74
95
|
* <<plugins-{type}s-{plugin}-data_stream>>
|
|
75
96
|
* <<plugins-{type}s-{plugin}-data_stream_auto_routing>>
|
|
@@ -200,27 +221,28 @@ The list of error codes accepted for DLQ could be customized with <<plugins-{typ
|
|
|
200
221
|
but should be used only in motivated cases.
|
|
201
222
|
|
|
202
223
|
[id="plugins-{type}s-{plugin}-ilm"]
|
|
203
|
-
====
|
|
224
|
+
==== {ilm-cap} ({ilm-init})
|
|
204
225
|
|
|
205
226
|
[NOTE]
|
|
206
|
-
|
|
227
|
+
--
|
|
228
|
+
* The {ilm-cap} ({ilm-init}) feature does not apply for {es-serverless}.
|
|
229
|
+
Any {ilm-init} settings in your plugin configuration are ignored and may cause errors.
|
|
230
|
+
* The {ilm-init} feature requires plugin version `9.3.1` or higher.
|
|
231
|
+
* This feature requires an {es} instance of 6.6.0 or higher with at least a Basic license
|
|
232
|
+
--
|
|
207
233
|
|
|
208
|
-
[
|
|
209
|
-
This feature requires an Elasticsearch instance of 6.6.0 or higher with at least a Basic license
|
|
234
|
+
{ls} can use {ref}/index-lifecycle-management.html[{ilm}] to automate the management of indices over time.
|
|
210
235
|
|
|
211
|
-
|
|
212
|
-
Management] to automate the management of indices over time.
|
|
213
|
-
|
|
214
|
-
The use of Index Lifecycle Management is controlled by the `ilm_enabled`
|
|
236
|
+
The use of {ilm} is controlled by the `ilm_enabled`
|
|
215
237
|
setting. By default, this setting detects whether the Elasticsearch instance
|
|
216
|
-
supports
|
|
217
|
-
`true` or `false` to override the automatic detection, or disable
|
|
238
|
+
supports {ilm-init}, and uses it if it is available. `ilm_enabled` can also be set to
|
|
239
|
+
`true` or `false` to override the automatic detection, or disable {ilm-init}.
|
|
218
240
|
|
|
219
|
-
This will overwrite the index settings and adjust the
|
|
220
|
-
the necessary settings for the template to support
|
|
241
|
+
This will overwrite the index settings and adjust the {ls} template to write
|
|
242
|
+
the necessary settings for the template to support {ilm},
|
|
221
243
|
including the index policy and rollover alias to be used.
|
|
222
244
|
|
|
223
|
-
|
|
245
|
+
{ls} creates a rollover alias for the indices to be written to,
|
|
224
246
|
including a pattern for how the actual indices will be named, and unless an ILM
|
|
225
247
|
policy that already exists has been specified, a default policy will also be
|
|
226
248
|
created. The default policy is configured to rollover an index when it reaches
|
|
@@ -246,14 +268,14 @@ See config below for an example:
|
|
|
246
268
|
}
|
|
247
269
|
}
|
|
248
270
|
|
|
249
|
-
NOTE
|
|
250
|
-
|
|
251
|
-
|
|
271
|
+
[NOTE]
|
|
272
|
+
--
|
|
273
|
+
* Custom ILM policies must already exist on the {es} cluster before they can be used.
|
|
274
|
+
* If the rollover alias or pattern is modified, the index template will need to be
|
|
252
275
|
overwritten as the settings `index.lifecycle.name` and
|
|
253
276
|
`index.lifecycle.rollover_alias` are automatically written to the template
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
277
|
+
* If the index property is supplied in the output definition, it will be overwritten by the rollover alias.
|
|
278
|
+
--
|
|
257
279
|
|
|
258
280
|
==== Batch Sizes
|
|
259
281
|
|
|
@@ -499,6 +499,16 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
|
|
|
499
499
|
params[retry_on_conflict_action_name] = @retry_on_conflict
|
|
500
500
|
end
|
|
501
501
|
|
|
502
|
+
event_control = event.get("[@metadata][_ingest_document]")
|
|
503
|
+
event_version, event_version_type = event_control&.values_at("version", "version_type") rescue nil
|
|
504
|
+
|
|
505
|
+
resolved_version = resolve_version(event, event_version)
|
|
506
|
+
resolved_version_type = resolve_version_type(event, event_version_type)
|
|
507
|
+
|
|
508
|
+
# avoid to add nil valued key-value pairs
|
|
509
|
+
params[:version] = resolved_version unless resolved_version.nil?
|
|
510
|
+
params[:version_type] = resolved_version_type unless resolved_version_type.nil?
|
|
511
|
+
|
|
502
512
|
EventActionTuple.new(action, params, event)
|
|
503
513
|
end
|
|
504
514
|
|
|
@@ -538,7 +548,7 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
|
|
|
538
548
|
# @private shared event params factory between index and data_stream mode
|
|
539
549
|
def common_event_params(event)
|
|
540
550
|
event_control = event.get("[@metadata][_ingest_document]")
|
|
541
|
-
event_id, event_pipeline, event_index, event_routing
|
|
551
|
+
event_id, event_pipeline, event_index, event_routing = event_control&.values_at("id","pipeline","index", "routing") rescue nil
|
|
542
552
|
|
|
543
553
|
params = {
|
|
544
554
|
:_id => resolve_document_id(event, event_id),
|
|
@@ -554,12 +564,6 @@ class LogStash::Outputs::ElasticSearch < LogStash::Outputs::Base
|
|
|
554
564
|
# }
|
|
555
565
|
params[:pipeline] = target_pipeline unless (target_pipeline.nil? || target_pipeline.empty?)
|
|
556
566
|
|
|
557
|
-
resolved_version = resolve_version(event, event_version)
|
|
558
|
-
resolved_version_type = resolve_version_type(event, event_version_type)
|
|
559
|
-
# avoid to add nil valued key-value pairs
|
|
560
|
-
params[:version] = resolved_version unless resolved_version.nil?
|
|
561
|
-
params[:version_type] = resolved_version_type unless resolved_version_type.nil?
|
|
562
|
-
|
|
563
567
|
params
|
|
564
568
|
end
|
|
565
569
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-output-elasticsearch'
|
|
3
|
-
s.version = '11.22.
|
|
3
|
+
s.version = '11.22.2'
|
|
4
4
|
s.licenses = ['apache-2.0']
|
|
5
5
|
s.summary = "Stores logs in Elasticsearch"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -297,8 +297,19 @@ describe LogStash::Outputs::ElasticSearch do
|
|
|
297
297
|
context "when the event contains an integration metadata version" do
|
|
298
298
|
let(:event) { LogStash::Event.new({"@metadata" => {"_ingest_document" => {"version" => "456"}}}) }
|
|
299
299
|
|
|
300
|
-
|
|
301
|
-
|
|
300
|
+
context "when datastream settings are NOT configured" do
|
|
301
|
+
it "event's metadata version is used" do
|
|
302
|
+
expect(subject.send(:event_action_tuple, event)[1]).to include(:version => "456")
|
|
303
|
+
end
|
|
304
|
+
end
|
|
305
|
+
|
|
306
|
+
context "when datastream settings are configured" do
|
|
307
|
+
# NOTE: we validate with datastream-specific `data_stream_event_action_tuple`
|
|
308
|
+
let(:event_fields) { super().merge({"data_stream" => {"type" => "logs", "dataset" => "generic", "namespace" => "default"}}) }
|
|
309
|
+
|
|
310
|
+
it "no version is used" do
|
|
311
|
+
expect(subject.send(:data_stream_event_action_tuple, event)[1]).to_not include(:version)
|
|
312
|
+
end
|
|
302
313
|
end
|
|
303
314
|
end
|
|
304
315
|
|
|
@@ -315,8 +326,19 @@ describe LogStash::Outputs::ElasticSearch do
|
|
|
315
326
|
context "when the event contains an integration metadata version_type" do
|
|
316
327
|
let(:event) { LogStash::Event.new({"@metadata" => {"_ingest_document" => {"version_type" => "external"}}}) }
|
|
317
328
|
|
|
318
|
-
|
|
319
|
-
|
|
329
|
+
context "when datastream settings are NOT configured" do
|
|
330
|
+
it "plugin's version_type is used" do
|
|
331
|
+
expect(subject.send(:event_action_tuple, event)[1]).to include(:version_type => "internal")
|
|
332
|
+
end
|
|
333
|
+
end
|
|
334
|
+
|
|
335
|
+
context "when datastream settings are configured" do
|
|
336
|
+
# NOTE: we validate with datastream-specific `data_stream_event_action_tuple`
|
|
337
|
+
let(:event_fields) { super().merge({"data_stream" => {"type" => "logs", "dataset" => "generic", "namespace" => "default"}}) }
|
|
338
|
+
|
|
339
|
+
it "no version_type is used" do
|
|
340
|
+
expect(subject.send(:data_stream_event_action_tuple, event)[1]).to_not include(:version_type)
|
|
341
|
+
end
|
|
320
342
|
end
|
|
321
343
|
end
|
|
322
344
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-output-elasticsearch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 11.22.
|
|
4
|
+
version: 11.22.2
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-12-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|