[7.x] ECS support for Grok processor (#76885) #77319

Merged: 1 commit, Sep 7, 2021

danhermann
Contributor

Adds ECS support to the Grok processor by bringing over the Logstash Grok filter's ECS patterns. These are available in the ES Grok ingest processor through a new ecs_compatibility flag which, like the flag on the Logstash Grok filter, accepts only values of disabled or v1 and defaults to the former. When disabled, the original patterns, which are now designated "legacy" patterns, are still used.

The API to retrieve the Grok processor's patterns was also updated to accept a parameter specifying whether a listing of legacy or ECS patterns is desired.

Potential follow-up tasks include investigation of ECS support in Grok usage for Painless, ML, and runtime fields. For now, all of those use cases have been hard-coded to use legacy Grok patterns.

Fixes #66528

Backport of #76885

@danhermann danhermann added >enhancement :Data Management/Ingest Node Execution or management of Ingest Pipelines including GeoIP backport Team:Deployment Management Meta label for Management Experience - Deployment Management team v7.16.0 labels Sep 6, 2021
@elasticmachine
Collaborator

Pinging @elastic/kibana-stack-management (Team:Stack Management)

@elasticmachine elasticmachine added the Team:Data Management Meta label for data/management team label Sep 6, 2021
@elasticmachine
Collaborator

Pinging @elastic/es-data-management (Team:Data Management)

@danhermann danhermann merged commit 5a314d8 into elastic:7.x Sep 7, 2021
@danhermann danhermann deleted the backport_7x_76885_ecs_for_grok branch September 7, 2021 12:24