Skip to content

[Logs+] Change default of ignore_malformed to true in logs-*-* data streams#95329

Merged
felixbarny merged 9 commits intoelastic:mainfrom
eyalkoren:logs-data-streams-ignore_malformed
Apr 27, 2023
Merged

[Logs+] Change default of ignore_malformed to true in logs-*-* data streams#95329
felixbarny merged 9 commits intoelastic:mainfrom
eyalkoren:logs-data-streams-ignore_malformed

Conversation

@eyalkoren
Copy link
Copy Markdown
Contributor

@eyalkoren eyalkoren commented Apr 18, 2023
edited
Loading

Description

Closes #95224

As part of our effort to accept all logs by default, one of the first issues we want to address is the rejection of whole log event documents due to field type not matching the corresponding mapping.
The intention of this issue is to change the default of ignore_malformed to true specifically for logs-*-* data streams, so that the log event will be indexed and the incorrectly typed field will be ignored. The ignored fields, as well as their values, are available through query, as shown in the added test.

Checklist

  • set ignore_malformed: true at index level for logs-*-* data streams
  • override this setting to the @timestamp field, for which it should remain ignore_malformed: false
  • add an integration test
  • add to changelog

@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label v8.8.0 external-contributor Pull request authored by a developer outside the Elasticsearch team labels Apr 18, 2023
@eyalkoren eyalkoren changed the title Logs data streams ignore malformed [Logs+] Change default of ignore_malformed to true in logs-*-* data streams Apr 18, 2023
@eyalkoren eyalkoren requested a review from felixbarny April 18, 2023 12:53
felixbarny
felixbarny reviewed Apr 18, 2023
View reviewed changes
@felixbarny felixbarny added the :StorageEngine/Data streams Data streams and their lifecycles label Apr 18, 2023
@elasticsearchmachine elasticsearchmachine added Team:Data Management (obsolete) DO NOT USE. This team no longer exists. and removed needs:triage Requires assignment of a team area label labels Apr 18, 2023
@elasticsearchmachine
Copy link
Copy Markdown
Collaborator

elasticsearchmachine commented Apr 18, 2023

Pinging @elastic/es-data-management (Team:Data Management)

@elasticsearchmachine
Copy link
Copy Markdown
Collaborator

elasticsearchmachine commented Apr 19, 2023

Hi @eyalkoren, I've created a changelog YAML for you.

@elasticsearchmachine
Copy link
Copy Markdown
Collaborator

elasticsearchmachine commented Apr 19, 2023

Hi @eyalkoren, I've updated the changelog YAML for you.

ruflin
ruflin reviewed Apr 19, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@felixbarny I do not want to expand the scope of this PR here. But can we keep track somewhere of these changes because I think most of these we should eventually also apply to metrics, traces, etc. for all of the data stream naming scheme.

@ruflin ruflin mentioned this pull request Apr 19, 2023
Closed
@dakrone dakrone self-requested a review April 19, 2023 15:48
dakrone
dakrone approved these changes Apr 19, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@dakrone dakrone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@felixbarny
Copy link
Copy Markdown
Member

felixbarny commented Apr 21, 2023

Let's get in #95469 before merging this to make it easier for users to opt-out, without having to duplicate the whole default logs template.

@eyalkoren eyalkoren removed the v8.8.0 label Apr 25, 2023
@eyalkoren
Copy link
Copy Markdown
Contributor Author

eyalkoren commented Apr 25, 2023

This issue is currently blocked on #95481

@felixbarny felixbarny merged commit 07332ef into elastic:main Apr 27, 2023
@eyalkoren eyalkoren deleted the logs-data-streams-ignore_malformed branch April 30, 2023 06:33
@eyalkoren eyalkoren mentioned this pull request May 1, 2023
Merged
eyalkoren added a commit that referenced this pull request May 2, 2023
@eyalkoren
Increment StackTemplateRegistry#REGISTRY_VERSION
533c4b5 
Required due to changes made in stack templates in #95481 and #95329
@eyalkoren eyalkoren mentioned this pull request May 2, 2023
Merged
@felixbarny felixbarny mentioned this pull request May 4, 2023
Closed
@felixbarny felixbarny mentioned this pull request Jul 10, 2023
Closed
@felixbarny felixbarny mentioned this pull request Jul 24, 2023
Open
@felixbarny felixbarny mentioned this pull request Aug 4, 2023
Closed
@eedugon eedugon mentioned this pull request Aug 24, 2023
Open
@simitt simitt mentioned this pull request Aug 30, 2023
Open
@felixbarny felixbarny mentioned this pull request Oct 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ruflin ruflin ruflin left review comments

@felixbarny felixbarny felixbarny approved these changes

@dakrone dakrone dakrone approved these changes

Assignees

@eyalkoren eyalkoren

Labels

>enhancement external-contributor Pull request authored by a developer outside the Elasticsearch team :StorageEngine/Data streams Data streams and their lifecycles Team:Data Management (obsolete) DO NOT USE. This team no longer exists. v8.9.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Logs+] Change default of ignore_malformed to true in logs-*-* data streams

6 participants

@eyalkoren @elasticsearchmachine @felixbarny @dakrone @ruflin @gbamparop