Update to ECS 1.4.0#14844
Conversation
|
jenkins, test this |
adriansr
force-pushed
the
update_ecs_1.3
branch
from
e33a16a to
2b6288a
Compare
There was a problem hiding this comment.
I'm not sure about this change. It was complaining that there were 1006 fields after the ECS update.
Will exceed 1000 have an impact or as long as it's below 1024 we're safe?
There was a problem hiding this comment.
We configure the total_fields.limit per index to 10000. The default_fields limit is impacted by the indices.query.bool.max_clause_count setting (default 1024, but not modifyable via templates).
There was a problem hiding this comment.
One option to deal with this would be to add default_field: false to the new fields being added in ECS. This problem will keep occurring each time new fields are added and this could be the solution until we move to a better indexing strategy. Bumping the limit up won't work for much longer.
adriansr
requested review from
a team,
andrewkroh and
ruflin
and removed request for
a team
adriansr
force-pushed
the
update_ecs_1.3
branch
from
f922aee to
f1ae817
Compare
ruflin
left a comment
ruflin
left a comment
There was a problem hiding this comment.
Overall I'm good with this change. We should keep in mind that this keeps increasing the size of all templates even thought he fields are not used in winlogbeat for example.
I didn't check CI but I think we should ;-)
adriansr
force-pushed
the
update_ecs_1.3
branch
from
f1ae817 to
e16d24b
Compare
|
Updated to ECS 1.3.1 |
|
@adriansr What are your thoughts around the field limit (see comment from @andrewkroh ). |
|
I misunderstood the I can add them to the new fields this PR adds, but this implies a change in ECS (to add I don't mind doing either. Edit: Created a PR to elastic/ecs with the change: elastic/ecs#687 |
adriansr
force-pushed
the
update_ecs_1.3
branch
from
e16d24b to
781eab6
Compare
adriansr
added
in progress
|
This is still a work in progress as it currently depends on adding the A new ECS release (1.4.0?) will be needed after that. |
|
elastic/ecs#687 has been merged and backported to branch 1.3. |
adriansr
force-pushed
the
update_ecs_1.3
branch
from
781eab6 to
a093d11
Compare
adriansr
force-pushed
the
update_ecs_1.3
branch
from
e007571 to
a87acbc
Compare
There was a problem hiding this comment.
Don't forget to grab the version from elastic/ecs#718 ;-)
|
Jenkins, test this |
adriansr
force-pushed
the
update_ecs_1.3
branch
from
04a4fc8 to
3afe17d
Compare
|
Jenkins, test this |
This reverts commit aa563245e8ac232c334cf90cba1cf31ced181439.
adriansr
force-pushed
the
update_ecs_1.3
branch
from
3afe17d to
335be5f
Compare
- Update vendored elastic/ecs and fields.ecs.yml from ECS 1.4 branch Includes elastic/ecs#717 and elastic/ecs#687 not in released v1.4.0 - Remove field `process.exit_code` from Metricbeat, now in ECS. (cherry picked from commit cab56a3)
- Update vendored elastic/ecs and fields.ecs.yml from ECS 1.4 branch Includes elastic/ecs#717 and elastic/ecs#687 not in released v1.4.0 - Remove field `process.exit_code` from Metricbeat, now in ECS. (cherry picked from commit cab56a3)
5 participants
Updated vendored elastic/ecs to
v1.3.0v1.3.1v1.4.0 and fields.ecs.yml from same version.