Implement ECS Compatibility Mode #952
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yaauie
force-pushed
the
ecs-compatibility-mode
branch
2 times, most recently
from
3e99a5a
to
0601fc6
Compare
|
Remaining test failure is caused by a spec relying the result of a |
jsvd
reviewed
Jul 14, 2020
There was a problem hiding this comment.
I've made a few minor remarks, mostly around template handling.
One thing that worries me from the user experience side is the consideration that ECS enabled data streams will ship soon, and maybe that should be the default way to push ECS data from logstash.
For other non timeseries/non data streams scenarios it's likely that data won't be ECS formatted.
By consistently using the Output's already-public method, we can eliminate the spec's need to specify behaviour of the method internal client, which it can't reliably intercept in time.
yaauie
force-pushed
the
ecs-compatibility-mode
branch
2 times, most recently
from
a198b13
to
53251c8
Compare
yaauie
force-pushed
the
ecs-compatibility-mode
branch
from
53251c8
to
cd86989
Compare
yaauie
commented
Jul 14, 2020
docs/index.asciidoc
Outdated
| * Default value is `logstash` | ||
| * Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled: | ||
| ** ECS Compatibility disabled: `logstash` | ||
| ** ECS Compatibility enabled: `ecs-logstash` (ECS Compatibility is enabled) |
There was a problem hiding this comment.
Suggested change
| ** ECS Compatibility enabled: `ecs-logstash` (ECS Compatibility is enabled) | |
| ** ECS Compatibility enabled: `ecs-logstash` |
karenzone
reviewed
Jul 14, 2020
yaauie
force-pushed
the
ecs-compatibility-mode
branch
from
e2553cd
to
03d6617
Compare
Co-authored-by: Karen Metts <35154725+karenzone@users.noreply.github.com>
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements ECS Compatibility Mode for ECS v1.
ecs-logstash-*.ecs-when ECS is enabled.