diff --git a/falcosidekick/CHANGELOG.md b/falcosidekick/CHANGELOG.md index ae936ecbc..0a45368f1 100644 --- a/falcosidekick/CHANGELOG.md +++ b/falcosidekick/CHANGELOG.md @@ -13,6 +13,7 @@ as a list of comma separated labels and annotations to add to the AlertManager t * Add `yandex.datastreams` and associated fields. * Add `nodered` and associated fields. * Add `mqtt` and associated fields. +* Update `elasticsearch.type` default value to `_doc` ## 0.5.6 diff --git a/falcosidekick/README.md b/falcosidekick/README.md index 0c0c1c28a..0430fe8a6 100644 --- a/falcosidekick/README.md +++ b/falcosidekick/README.md @@ -205,7 +205,7 @@ The following table lists the main configurable parameters of the Falcosidekick | `config.elasticsearch.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.elasticsearch.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | | `config.elasticsearch.password` | use this password to authenticate to Elasticsearch if the password is not empty | `""` | -| `config.elasticsearch.type` | Elasticsearch document type | `event` | +| `config.elasticsearch.type` | Elasticsearch document type | `_doc` | | `config.elasticsearch.username` | use this username to authenticate to Elasticsearch if the username is not empty | `""` | | `config.fission.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.fission.function` | Name of Fission function, if not empty, Fission is *enabled* | `""` | diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml index 23fcad058..143b1f1c7 100644 --- a/falcosidekick/values.yaml +++ b/falcosidekick/values.yaml @@ -94,7 +94,7 @@ config: elasticsearch: hostport: "" index: "falco" - type: "event" + type: "_doc" minimumpriority: "" mutualtls: false checkcert: true
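Review bot: In the CHANGELOG.md hunk, the new entry "Update `elasticsearch.type` default value to `_doc`" does not state that the previous default was `event`, or that releases relying on the default change behaviour on upgrade. Suggest wording along the lines of "Update `elasticsearch.type` default value from `event` to `_doc`; set `config.elasticsearch.type` to `event` to keep the previous behaviour". The diff touches only CHANGELOG.md, README.md and values.yaml, so please confirm the chart version is bumped to match the section above `## 0.5.6` that this entry is added to.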
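Review bot: In the values.yaml hunk, `type: "event"` becomes `type: "_doc"` without a comment while the default `index: "falco"` stays the same, so an upgraded release that never set `type` will start sending `_doc` documents to an index that has so far received `event` documents. Please add a short comment on that line recording the old value, and test an upgrade against an existing `falco` index before merging. If Elasticsearch rejects those writes, Falco alerts stop reaching this output, which is a detection gap and not a cosmetic change.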