Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatically create data stream #248

Open
moharana-subhashree opened this issue Apr 18, 2024 · 3 comments
Open

Automatically create data stream #248

moharana-subhashree opened this issue Apr 18, 2024 · 3 comments
Labels
enhancement Increases software capabilities beyond original client specifications

Comments

@moharana-subhashree
Copy link

moharana-subhashree commented Apr 18, 2024
edited
Loading

I am trying to send sample logs from logstash to opensearch data stream using below configuration-

    configFile: |
      input {
        heartbeat {
          interval => 5
          message  => 'Hello from Logproc'
        }
      }
      filter {
        grok{
        }
      }
      output {
        opensearch {
            hosts => [ '{{ .Values.indexsearch.serviceName }}.{{.Release.Namespace}}:{{.Values.indexsearch.port }}' ]
            ssl => false
            index => "log"
            action => "create"
                    }
              }

when i check in opensearch i see only one index has been created with this configuration, but that is a regular index, not part of the data stream backing index. is there any extra configuration which I might be missing because the data is getting ingested to data stream from logstash.
@moharana-subhashree moharana-subhashree added bug Something isn't working untriaged labels Apr 18, 2024
@dblock
Copy link
Member

dblock commented Apr 18, 2024

@moharana-subhashree I could be wrong, but I don't think the plugin is actually capable of knowing that you want a data stream here, and it implies that you should create that data stream index yourself. Does that work?

In that case we should 1) turn this into a feature request, 2) document this better in https://opensearch.org/docs/latest/tools/logstash/ship-to-opensearch/#data-streams

@dblock dblock added enhancement Increases software capabilities beyond original client specifications question Further information is requested and removed bug Something isn't working untriaged labels Apr 18, 2024
@moharana-subhashree
Copy link
Author

hi @dblock,
as in the above post, it is concluded that the creation of data stream on ourselves is mandatory and doesn't support creating it dynamically by the plugin for now.
Recently i was trying below opensearch configuration as below to create a legacy index template as part of the opensearch configurations as below

output {
    opensearch {
      hosts => "http://localhost:9200"
      index => "logs"
      action => "create"
      document_id => "%{id0}"
      template_name => "cas-template"
      template => "/usr/share/logstash/pipeline/template/cas-template.json"
      manage_template => "true"
      template_overwrite => "true"
    }
}

I have a legacy index template format as below provided in the configurations:

    {
      "index_patterns": ["logs-*"],
      "settings": {
        "number_of_shards": 1,
        "number_of_replicas": 1
      },
      "mappings": {
        "properties": {
          "timestamp": {
            "type": "date"
          },
          "message": {
            "type": "text"
          }
        }
      },
      "aliases": {
        "logstash": {}
      }
    }

but with this configuration it ideally shall create a index template and that index template could be used for data stream creation, is my understanding correct? will this be a right way to proceed?

@dblock
Copy link
Member

dblock commented Jul 29, 2024

but with this configuration it ideally shall create a index template and that index template could be used for data stream creation, is my understanding correct? will this be a right way to proceed?

Yes, I can't think of a reason why one would not want this, so this is a feature request. I'll rename the issue.

@dblock dblock changed the title Ingest data to opensearch data stream from logstatsh. Automatically create data stream Jul 29, 2024
@dblock dblock removed the question Further information is requested label Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Increases software capabilities beyond original client specifications
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dblock @moharana-subhashree