Elasticsearch 8.x JSON logs do not always include an "ecs.version" field #73256
Labels: >bug; :Core/Infra/Logging (Log management and logging utilities); Team:Core/Infra (Meta label for core/infra team)
Elasticsearch version (bin/elasticsearch --version): (I am running ES via https://github.com/elastic/apm-integration-testing/#readme)
Plugins installed: []
JVM version (java -version):
OS version (uname -a if on a Unix-like system):
Description of the problem including expected versus actual behavior:
In #47105 JSON logs were made "ECS compliant". However, I notice that only some of the log records include an ecs.version field that, according to the ecs-logging spec, is required.
For example, only the second of these five log records includes "ecs.version"
I would expect all the ECS format log records to include "ecs.version". I'm curious whether this should be considered an ES bug, and/or whether the ecs-logging spec should consider relaxing that required field.
The specific issue for me is with an ecslog tool (issue) that I have written to pretty-print and filter ecs-logging format logs. Currently ecslog skips JSON lines that don't meet the minimum requirements in the ecs-logging spec, so most logs from ES are not rendered or filterable with this tool.
(/cc @felixbarny)
Steps to reproduce:
Run an Elasticsearch 8.x build that has its appender.console.layout.type in "config/log4j.properties" set to use ECSJsonLayout. For example:
build/distribution/local/elasticsearch-8.0.0-SNAPSHOT/bin/elasticsearch
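A log consumer that skips records lacking "ecs.version" can at least count what it skips, so the gap is visible rather than silent. The following is an added example, not code from ecslog or Elasticsearch. The four-field minimum set is an assumption (the issue names only "ecs.version" as required), the function names are hypothetical, and the sample lines are constructed.

```python
import json
from collections import Counter

# Assumed minimum field set; the issue itself names only "ecs.version".
REQUIRED_FIELDS = ("@timestamp", "log.level", "message", "ecs.version")

def lookup(record, dotted):
    """Find a field written either as a dotted key or as nested objects."""
    if dotted in record:
        return record[dotted]
    node = record
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def missing_fields(line):
    """Required fields absent from one line; None if it is not a JSON object."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(record, dict):
        return None
    return [f for f in REQUIRED_FIELDS if lookup(record, f) is None]

def audit(lines):
    """Tally accepted, rejected and non-JSON lines, and the fields behind each rejection."""
    summary = Counter()
    for line in lines:
        missing = missing_fields(line)
        if missing is None:
            summary["not_json"] += 1
            continue
        summary["rejected" if missing else "accepted"] += 1
        summary.update("missing:" + f for f in missing)
    return summary

# Constructed sample lines (not real Elasticsearch output).
SAMPLE = [
    '{"@timestamp":"2021-05-20T10:00:00.000Z","log.level":"INFO","message":"node starting"}',
    '{"@timestamp":"2021-05-20T10:00:01.000Z","log.level":"INFO","message":"node started","ecs.version":"1.2.0"}',
    '{"@timestamp":"2021-05-20T10:00:02.000Z","log":{"level":"WARN"},"message":"slow gc","ecs":{"version":"1.2.0"}}',
    'Exception in thread "main" (plain text, not JSON)',
]

if __name__ == "__main__":
    print(dict(audit(SAMPLE)))
```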