Update template to use ES 5.x mapping #462
Conversation
|
LGTM™. Let's see if the tests pass 😄 |
|
Super excited about this, btw. Definitely going to tweak some upgraders, but +1 for the clean start. |
|
hmm, I have to use some rspec tag trickery to fix this. |
|
Let's block this until elastic/elasticsearch#19812 is resolved. |
|
Aye. Stalling |
|
A few of us (@suyograo, @andrewvc, @talevy, etc) had discussions about this offline, and there were two main areas for discussion about the
FOr the first part, we are discussing in elastic/elasticsearch#19812. For the second part, we might leave this field named as |
|
In all honesty, I'd multi-field and have both raw and keyword. This forces users to adjust the template themselves if they're space conscious, and gives us both reverse and forward compatibility, should Kibana standardize on |
I am -1 on this. I wouldn't want users to incur extra disk space because of this. This multi-field is for every string, which is quite a bit. |
|
Did some historical digging. Logstash v1.3.0 (December 2013) is the first version which shipped a template. Changing We discussed this last week somewhere I forget, but we had some thoughts for Logstash 5.0 timeframe: Premise: 1.By default, Logstash will only install the template if there is no template already there. Therefore, I summarize a proposal as follows:
Expected impact of default behavior as proposed:
|
|
@jordansissel I've changed this PR to reflect the proposal in #462 (comment). Can you take a look please? /cc @talevy |
| - INTEGRATION=true ES_VERSION=1.7.5 | ||
| - INTEGRATION=true ES_VERSION=5.0.0-alpha1 | ||
| - INTEGRATION=true ES_VERSION=2.3.4 | ||
| - INTEGRATION=true ES_VERSION=5.0.0-alpha4 |
There was a problem hiding this comment.
Shouldn't this be alpha5 now?
There was a problem hiding this comment.
This should be increased to alpha5 since it has been released.
There was a problem hiding this comment.
Hahahaha. All of us saw the same thing 👍
|
LGTM™ |
| "fields" : { | ||
| "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256} | ||
| "keyword" : { "type": "keyword" } |
There was a problem hiding this comment.
I thought the idea was to let ES run through its defaults in the case that a stringed field is being dynamically mapped
There was a problem hiding this comment.
Yes, but we need "norms" : false, to be set, which ES does not by default. That's why I had to explicitly add this rule for strings.
There was a problem hiding this comment.
See 2 lines above.
| @@ -1,6 +1,6 @@ | |||
| require_relative "../../../spec/es_spec_helper" | |||
|
|
|||
| describe "Ingest pipeline execution behavior", :integration => true, :version_5x => true do | |||
| describe "Ingest pipeline execution behavior", :integration => true, :version_greater_than_5x => true do | |||
There was a problem hiding this comment.
greater_than? and equal to?
|
lgtm |
In PR logstash-plugins#462 (comment) we used `.keyword` to match ES's change in default behavior. Both approaches, using `.keyword` to match ES for consistency and using `.raw` to match existing logstash data has pros/cons. I think at this time it is wise to err on the side of easy-upgrade-path so reverting this back to using `.raw` as before Fixes logstash-plugins#466
Fix typo Update template to use ES 5.x mapping (logstash-plugins#462) * Update template to use ES 5.x mapping Fixes logstash-plugins#386 remove `force` as valid version type parameter remove trailing comma
Fixes #386