Define ecs.version as a constant_keyword field

[axw]

We set ecs.version using a model processor, in the apm-server code, based on the version of the github.com/elastic/ecs/code/go/ecs module in use:

apm-server/internal/beater/processors.go

Lines 64 to 72 in 0c6c95f

	// ecsVersionBatchProcessor is a model.BatchProcessor that sets the ECSVersion
	// field of each event to the ECS library version.
	func ecsVersionBatchProcessor(ctx context.Context, b *model.Batch) error {
	for i := range *b {
	event := &(*b)[i]
	event.ECSVersion = ecs.Version
	}
	return nil
	}

An older version of APM Server may send documents to the data streams, and the ingest pipeline is responsible for upgrading/transforming documents to the appropriate format. Therefore I believe it makes sense for the ECS version to be set by the installed ingest pipeline and index template. We can do this by making ecs.version a constant_keyword field.

This will also allow the code to be simplified, and documents to be made (slightly) smaller.

[simitt]

the ingest pipeline is responsible for upgrading/transforming documents to the appropriate format.

Would this issue also contain the work to put the ingest pipeline for adding the ECS version in place?

[axw]

Would this issue also contain the work to put the ingest pipeline for adding the ECS version in place?

I think all we need to do is:

• set ecs.version to a constant_keyword field in each data stream's ecs.yml file, and specify the constant value
• stop setting ecs.version in documents sent to Elasticsearch