Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Logs+] Change default of ignore_malformed to true in logs-*-* data streams #95329

Merged
merged 9 commits into from
Apr 27, 2023
Merged

[Logs+] Change default of ignore_malformed to true in logs-*-* data streams #95329

merged 9 commits into from
Apr 27, 2023

Conversation

eyalkoren
Copy link
Contributor

@eyalkoren eyalkoren commented Apr 18, 2023
edited
Loading

Description

Closes #95224

As part of our effort to accept all logs by default, one of the first issues we want to address is the rejection of whole log event documents due to field type not matching the corresponding mapping.
The intention of this issue is to change the default of ignore_malformed to true specifically for logs-*-* data streams, so that the log event will be indexed and the incorrectly typed field will be ignored. The ignored fields, as well as their values, are available through query, as shown in the added test.

Checklist

  • set ignore_malformed: true at index level for logs-*-* data streams
  • override this setting to the @timestamp field, for which it should remain ignore_malformed: false
  • add an integration test
  • add to changelog

@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label v8.8.0 external-contributor Pull request authored by a developer outside the Elasticsearch team labels Apr 18, 2023
@eyalkoren eyalkoren changed the title Logs data streams ignore malformed [Logs+] Change default of ignore_malformed to true in logs-*-* data streams Apr 18, 2023
@eyalkoren eyalkoren requested a review from felixbarny April 18, 2023 12:53
@felixbarny felixbarny added the :Data Management/Data streams Data streams and their lifecycles label Apr 18, 2023
@elasticsearchmachine elasticsearchmachine added Team:Data Management Meta label for data/management team and removed needs:triage Requires assignment of a team area label labels Apr 18, 2023
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-data-management (Team:Data Management)

@elasticsearchmachine
Copy link
Collaborator

Hi @eyalkoren, I've created a changelog YAML for you.

@elasticsearchmachine
Copy link
Collaborator

Hi @eyalkoren, I've updated the changelog YAML for you.

ruflin
ruflin reviewed Apr 19, 2023
View reviewed changes
Copy link
Member

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@felixbarny I do not want to expand the scope of this PR here. But can we keep track somewhere of these changes because I think most of these we should eventually also apply to metrics, traces, etc. for all of the data stream naming scheme.

docs/changelog/95329.yaml Show resolved Hide resolved
x-pack/plugin/core/src/main/resources/logs-mappings.json Show resolved Hide resolved
@ruflin ruflin mentioned this pull request Apr 19, 2023
Closed
@dakrone dakrone self-requested a review April 19, 2023 15:48
dakrone
dakrone approved these changes Apr 19, 2023
View reviewed changes
Copy link
Member

@dakrone dakrone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

docs/changelog/95329.yaml Show resolved Hide resolved
@felixbarny
Copy link
Member

Let's get in #95469 before merging this to make it easier for users to opt-out, without having to duplicate the whole default logs template.

@eyalkoren eyalkoren removed the v8.8.0 label Apr 25, 2023
@eyalkoren
Copy link
Contributor Author

This issue is currently blocked on #95481

@felixbarny felixbarny merged commit 07332ef into elastic:main Apr 27, 2023
@eyalkoren eyalkoren deleted the logs-data-streams-ignore_malformed branch April 30, 2023 06:33
@eyalkoren eyalkoren mentioned this pull request May 1, 2023
Merged
eyalkoren added a commit that referenced this pull request May 2, 2023
@eyalkoren
Increment StackTemplateRegistry#REGISTRY_VERSION
533c4b5 
Required due to changes made in stack templates in #95481 and #95329
@eyalkoren eyalkoren mentioned this pull request May 2, 2023
Merged
@felixbarny felixbarny mentioned this pull request May 4, 2023
Closed
@felixbarny felixbarny mentioned this pull request Jul 10, 2023
Closed
@felixbarny felixbarny mentioned this pull request Jul 24, 2023
Open
@felixbarny felixbarny mentioned this pull request Aug 4, 2023
Closed
@eedugon eedugon mentioned this pull request Aug 24, 2023
Open
@simitt simitt mentioned this pull request Aug 30, 2023
Open
@felixbarny felixbarny mentioned this pull request Oct 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@felixbarny felixbarny felixbarny approved these changes

@ruflin ruflin ruflin left review comments

@dakrone dakrone dakrone approved these changes

Assignees

@eyalkoren eyalkoren

Labels
:Data Management/Data streams Data streams and their lifecycles >enhancement external-contributor Pull request authored by a developer outside the Elasticsearch team Team:Data Management Meta label for data/management team v8.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Logs+] Change default of ignore_malformed to true in logs-*-* data streams
5 participants
@eyalkoren @elasticsearchmachine @felixbarny @dakrone @ruflin