-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inconsistent value of event.dataset in ES deprecation logs #83251
Comments
Pinging @elastic/es-core-infra (Team:Core/Infra) |
The dataset value for all ES logs are prefixed with elasticsearch + log type. Like elasticsearch.server. Deprecation log had it reverted `deprecation.elasticsearch` This commit renames the dataset for deprecation logs to `elasticsearch.deprecation. closes elastic#83251
The dataset value for all ES logs are prefixed with elasticsearch + log type. Like elasticsearch.server. Deprecation log had it reverted deprecation.elasticsearch This commit renames the dataset for deprecation logs to `elasticsearch.deprecation. closes #83251
I spoke with @qhoxie and we agreed that the We index deprecation to datastream by default and the datastream name is
@ruflin you did mention here that
cc @pugnascotia |
|
I also confirmed with Kibana team and they do not use |
Elasticsearch Version
8.0
Installed Plugins
No response
Java Version
bundled
OS Version
macos
Problem Description
event.dataset values in ES logs are
elasticsearch.server
,elasticsearch.index_search_slowlog
,elasticsearch.index_indexing_slowlog
but for deprecation logs it is
deprecation.elasticsearch
This probably originates from 7.x where the deprecation log had deprecation.elasticsearch type field, but other logs had simply server, index_search_slowlog and index_indexing_slowlog
Steps to Reproduce
generate deprecation logs.
A sample:
beats processor that is overriding this already
https://github.com/elastic/beats/pull/30018/files#r794578451
original dicussion on the PR that introduced the change
#68737
we should also discuss
datastream.dataset
field.datastream.dataset
is only set in deprecation logsThe text was updated successfully, but these errors were encountered: