This repository was archived by the owner on Jan 6, 2023. It is now read-only.
Support "data streams" #22
Comments
|
This change was pretty easy: In LogExportHandler.java, change to and the use: to And the name of the time stamp in the assembly of the event to and in createMappings: to Note: The doc -> _doc change is a generally applicable bug fix, I think - the doc type should be _doc. In later ES versions, doc types is deprecated anyway, so it could be removed entirely. I didn't make that change. The index->create change will also work for "straight" indicies as well as data streams, as far as I can see so this change too could be made unconditionally. |
|
Nothing happened in a month. Is this project dead? |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Elastic search has had data streams for a while now. However, the logging exporter doesn't send things in the right way.
According to here: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/use-a-data-stream.html
"To add multiple documents with a single request, use the bulk API. Only create actions are supported."
curl -X PUT "localhost:9200/my-data-stream/_bulk?refresh&pretty" -H 'Content-Type: application/json' -d'
{"create":{ }}
{ "@timestamp": "2099-03-08T11:04:05.000Z", "user": { "id": "vlb44hny" }, "message": "Login attempt failed" }
{"create":{ }}
{ "@timestamp": "2099-03-08T11:06:07.000Z", "user": { "id": "8a4f500d" }, "message": "Login successful" }
{"create":{ }}
{ "@timestamp": "2099-03-09T11:07:08.000Z", "user": { "id": "l7gk7f82" }, "message": "Logout successful" }
'
But the exporter sends:
POST /wls/doc/_bulk?pretty HTTP/1.1
Accept: application/json
Content-Type: application/json
User-Agent: Jersey/2.22.4 (HttpUrlConnection 1.8.0_281)
Host: localhost:9200
Connection: Keep-Alive
Content-Length: 1512
{ "index" : { }}
{"messageID": "BEA-2162611","message": "Creating ManagedScheduledExecutorService "DefaultManagedScheduledExecutorService" (partition="DOMAIN", module="null", application="bea_wls_deployment_internal", workmanager="default")","timestamp": 1641037065050,"serverName": "server_8080","threadName": "[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)'","severity": "Info","userId": "","level": "Info","loggerName": "CONCURRENCY","formattedDate": "Jan 1, 2022 11:37:45,050 AM UTC","subSystem": "CONCURRENCY","machineName": "server","transactionId": "","diagnosticContextId": "7434236c-676a-4857-839f-9b4b00bc7fc7-000000a5","sequenceNumber": 5865,"domainUID": "domainid"}
and ES produces an error:
{
"took" : 0,
"errors" : true,
"items" : [
{
"index" : {
"_index" : "wls",
"_type" : "doc",
"_id" : null,
"status" : 400,
"error" : {
"type" : "illegal_argument_exception",
"reason" : "only write ops with an op_type of create are allowed in data streams"
}
}
},
{
"index" : {
"_index" : "wls",
"_type" : "doc",
"_id" : null,
"status" : 400,
"error" : {
"type" : "illegal_argument_exception",
"reason" : "only write ops with an op_type of create are allowed in data streams"
}
}
}
]
}
Since (I assume) the exported never needs to update a doc, it could use "create" here. I'll try this out and submit a pull request if it works
The text was updated successfully, but these errors were encountered: