ElasticSearch has deprecated the use of ignore_throttled #11823
Comments
|
Thanks for the information. The |
|
Hi, On docker hub their scans shows that the log4js vunerability in Elasticsearch was fixed in 7.16.1. All previous versions contained the vunerability. This means that support for latest version of elasticsearch needs to bumped up asap. Are there any work arounds so that 7.10 can still be used ? |
|
It worth what it worth, but a filter can be set in log4j (file /etc/graylog/server/log4j2.xml on GNU/Linux). My guess is that less resources are spent when executing a regex than when writing a line in a log file. <RollingFile name="rolling-file" fileName="/var/log/graylog-server/server.log" filePattern="/var/log/graylog-server/server.log.%i.gz">
+ <RegexFilter regex=".* parameter is deprecated .*" onMatch="DENY" onMismatch="NEUTRAL"/>
<PatternLayout pattern="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%c{1}] %m%n"/>Also, there is a parameter "elasticsearch_mute_deprecation_warnings" in Graylog’s server.conf (see #10239), but this specific message pattern "parameter is deprecated" does not match the list of patterns. |
ElasticSearch has deprecated the use of
ignore_throttled. Graylog should probably be updated at some point to reflect the change in ElasticSearch. At this moment this causes only warnings in the logs, but future versions might drop the support for the parameter, and the queries might fail.Relevant deprecation warning:
2021-12-15T09:34:22.667+02:00 WARN [RestClient] request [GET http://server:9200/techlog_*/_alias?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open&allow_no_indices=false] returned 1 warnings: [299 Elasticsearch-7.16.1-5b38441b16b1ebb16a27c107a4c3865776e20c53 "[ignore_throttled] parameter is deprecated because frozen indices have been deprecated. Consider cold or frozen tiers in place of frozen indices."]The text was updated successfully, but these errors were encountered: