[Ingest] check and create default indices during setup #64809
Conversation
neptunian
added
v8.0.0
release_note:skip
|
Pinging @elastic/ingest-management (Team:Ingest Management) |
neptunian
changed the title
|
@elasticmachine merge upstream |
| @@ -356,3 +359,35 @@ const getFieldFormatParams = (field: Field): FieldFormatParams => { | |||
| if (field.open_link_in_current_tab) params.openLinkInCurrentTab = field.open_link_in_current_tab; | |||
| return params; | |||
| }; | |||
|
|
|||
| export const ensureDefaultIndices = async (callCluster: CallESAsCurrentUser) => | |||
| // create a placeholder index to supress errors in the kibana Dashboards app | |||
There was a problem hiding this comment.
Nit:
| // create a placeholder index to supress errors in the kibana Dashboards app | |
| // create a placeholder indicies to supress errors in the kibana Dashboards app |
Could you also add a link here to the open Kibana issue?
|
I tested this locally and got two errors. The first one I assume comes from a missing field in the Endpoint package:
This one is about the missing
|
|
@ruflin I'm not creating a documents in this PR, I'm just creating an index. where are you getting the timestamp error? |
|
@neptunian One was the endpoint dashboard, the other one I think was just on discovery page selecting one of the index pattern. I didn't ingest any data. |
|
@ruflin it looks like the reason it's getting that @timestamp error is because if I PUT an index, whenever I visit the index patterns in the management page or the Discovery app it will overwrite whatever index pattern already exists (logs-*) with the existing index that's matching it, which in this case is an empty index.
Same with events. The errors for these fields may be because they were overwritten by the new placeholder index. So, even though, during setup, a lot of fields were added to the index pattern due to installation of the default packages, they will be overwritten visiting these pages if no indices exist or they exist with a few fields. They create the patterns automatically. |
|
@elasticmachine merge upstream |
neptunian
force-pushed
the
62343-default-indices
branch
from
c6c4ee1 to
4a2634b
Compare
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
* check and create default indices during setup * fix typos * add kibana issue * add date mapping * add removeDocValues to each field to stop apps from creating a new index pattern * update snapshot * add property to test data # Conflicts: # x-pack/plugins/ingest_manager/common/constants/epm.ts
* check and create default indices during setup * fix typos * add kibana issue * add date mapping * add removeDocValues to each field to stop apps from creating a new index pattern * update snapshot * add property to test data # Conflicts: # x-pack/plugins/ingest_manager/common/constants/epm.ts Co-authored-by: Elastic Machine <[email protected]>
|
Hey all, I would love to understand more about this and what the plan is to get around this more completely. This change broke some assumptions we were making in the Logs and Metrics apps around when we can assume "logs-" and "metrics-" indices would exist (i.e. their existence should imply the intention to ingest data of that type). Our assumption was a bit flaky, but this change also feel pretty tenuous. Thanks! |
|
@jasonrhodes I think we haven't figured out the final solution yet. The above is kind of a hack but otherwise users see lots of errors because of the way index patterns work today. I would hope we can change the way index patterns work ;-) Happy to sync up if it didn't happen yet. |
#62343
readFromDocValuesproperty to each index pattern field to prevent apps like Discovery and Management -> Index Patterns -> (index pattern) from creating a new index pattern from the placeholder index and overwriting our entire index pattern (see Index Pattern overwritten when an index exists #65284). The value should be the same asdoc_valuesTest:
Go to Dashboads and click on a dashboard for system or nginx FIlebeat. Before there could be many notices about no matching idices:
Now you should not see any toast errors:
This PR does not resolve these errors.
