-
Notifications
You must be signed in to change notification settings - Fork 419
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stage 2 changes for RFC 0009 - data_stream fields #1215
Merged
Merged
Changes from 16 commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
5757c8e
add data_stream to experimental schema
ebeahan 7a26135
updating experimental artifacts
ebeahan 569bde8
tidy up field set descriptions
ebeahan d8bafb0
adjust field set text wrapping
ebeahan 96a66e9
beter, concrete example value
ebeahan f3ab72e
adjust text wrapping
ebeahan 79f49b1
addl text formatting
ebeahan bc890dc
indentation
ebeahan 66085c2
improve and adjust description wording
ebeahan 3a5e8e1
artifacts update
ebeahan 85296d2
moving naming limitations to comment
ebeahan 66d75bf
missing period
ebeahan d9a6f82
better convey why data streams and indices share limitations
ebeahan 52707d1
prefer data stream naming
ebeahan 7e693fe
incorporate review feedback
ebeahan f6b52c1
artifacts
ebeahan 11cddf4
tad more forceful
ebeahan File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
25 changes: 25 additions & 0 deletions
25
experimental/generated/elasticsearch/component/data_stream.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
{ | ||
"_meta": { | ||
"documentation": "https://www.elastic.co/guide/en/ecs/current/ecs-data_stream.html", | ||
"ecs_version": "2.0.0-dev+exp" | ||
}, | ||
"template": { | ||
"mappings": { | ||
"properties": { | ||
"data_stream": { | ||
"properties": { | ||
"dataset": { | ||
"type": "constant_keyword" | ||
}, | ||
"namespace": { | ||
"type": "constant_keyword" | ||
}, | ||
"type": { | ||
"type": "constant_keyword" | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
--- | ||
- name: data_stream | ||
title: Data Stream | ||
short: The data_stream fields take part in defining the new data stream naming scheme. | ||
description: > | ||
The data_stream fields take part in defining the new data stream naming scheme. | ||
|
||
In the new data stream naming scheme the value of the data stream fields combine to the name of the actual data | ||
stream in the following manner `{data_stream.type}-{data_stream.dataset}-{data_stream.namespace}`. This means the fields | ||
can only contain characters that are valid as part of names of data streams. More details about this can be found in | ||
this https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme[blog post]. | ||
|
||
An Elasticsearch data stream consists of one or more backing indices, and a data stream name forms part of the backing indices names. | ||
Due to this convention, data streams must also follow index naming restrictions. For example, data stream names cannot include \, /, *, ?, ", <, >, |, ` `. | ||
Please see the Elasticsearch reference for additional https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html#indices-create-api-path-params[restrictions]. | ||
fields: | ||
|
||
- name: type | ||
level: extended | ||
type: constant_keyword | ||
example: logs | ||
# Any future values for `data_stream.type` should also adhere to the following restrictions (these are derived from the Elasticsearch index restrictions): | ||
# * Must not contain `-` | ||
# * Must not start with `+` or `_` | ||
description: > | ||
An overarching type for the data stream. | ||
|
||
Currently allowed values include "logs", "metrics". We expect to also add "traces" and "synthetics" in the near future. | ||
short: An overarching type for the data stream. | ||
|
||
- name: dataset | ||
level: extended | ||
type: constant_keyword | ||
example: nginx.access | ||
description: > | ||
The field can contain anything that makes sense to signify the source of the data. | ||
|
||
Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that | ||
do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the | ||
same value as `data_stream.dataset`. | ||
|
||
Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: | ||
* Must not contain `-` | ||
* No longer than 100 characters | ||
short: The field can contain anything that makes sense to signify the source of the data. | ||
|
||
- name: namespace | ||
level: extended | ||
type: constant_keyword | ||
example: production | ||
description: > | ||
A user defined namespace. Namespaces are useful to allow grouping of data. | ||
|
||
Many users already organize their indices this way, and the data stream naming scheme now provides this | ||
best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. | ||
|
||
Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: | ||
* Must not contain `-` | ||
* No longer than 100 characters | ||
short: A user defined namespace. Namespaces are useful to allow grouping of data. |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest being just a tad more forceful.