Update to v8.0.0 #544
Merged
Update to v8.0.0 #544
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
antoineco
force-pushed
the
future
branch
6 times, most recently
from
80f3591
to
86f2134
Compare
antoineco
force-pushed
the
future
branch
4 times, most recently
from
a559a97
to
1ca91e9
Compare
antoineco
force-pushed
the
future
branch
2 times, most recently
from
85118d5
to
353ef47
Compare
antoineco
force-pushed
the
future
branch
2 times, most recently
from
bb5a98d
to
9efbb0f
Compare
antoineco
force-pushed
the
future
branch
2 times, most recently
from
74c1002
to
3f17874
Compare
|
Tests are currently failing with a pesky error, which seems to be caused by the Logstash TCP input in particular (possibly related to logstash-plugins/logstash-input-tcp#176):
It feels to me like all this is related to the ECS schema Elastic is pushing to their products. Possibly relevant:
edit: Indeed, the {
"@version" => "1",
"host" => "gateway",
"port" => 45732,
"message" => "dockerelk",
"@timestamp" => 2021-08-11T17:06:55.679Z
}Where the mapping for that I started a forum discussion to try clarifying it. edit 2: I originally fixed this using a Logstash filter, but it turns out this is no longer required starting with |
antoineco
force-pushed
the
future
branch
4 times, most recently
from
b8e2936
to
437c8e6
Compare
antoineco
force-pushed
the
future
branch
2 times, most recently
from
343b83d
to
15d12de
Compare
antoineco
force-pushed
the
future
branch
6 times, most recently
from
61f87db
to
5d18dea
Compare
antoineco
force-pushed
the
future
branch
4 times, most recently
from
b161def
to
55b964c
Compare
antoineco
force-pushed
the
future
branch
4 times, most recently
from
7fce3a5
to
8009b2b
Compare
antoineco
force-pushed
the
future
branch
2 times, most recently
from
94b303d
to
7887d4f
Compare
List of changes impacting docker-elk: - [logstash]: The output to Elasticsearch is handled as a data stream. Starting with v8.0.0, the `elasticsearch` output for Logstash sends log data to a data stream instead of `logstash-*` indices by default. The name of the default data stream is `logs-generic-default`. docker-elk remains unopinionated and simply uses Elastic's defaults like it always has, so users who prefer to retain the old behaviour need to explicitly opt-out of data streams in their Logstash pipelines. Refs: - https://www.elastic.co/guide/en/elasticsearch/reference/current/data-streams.html - https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-data-streams - [logstash]: The (legacy) monitoring data collection is now disabled. This feature was deprecated since v7.9.0, and removed in v8.0.0. Ref: https://www.elastic.co/guide/en/logstash/current/monitoring-internal-collection-legacy.html - [kibana]: An index pattern for `logs-*` indices is automatically created. It used to be required to manually create an index pattern for indices managed by Logstash, even when using the default Logstash indices. This is no longer the case since the output data is now being handled as a data stream, and Kibana automatically creates index patterns for these. - [elasticsearch]: The command line tool `elasticsearch-setup-passwords` was deprecated in favour of a new `elasticsearch-reset-password` tool. Passwords for built-in users must now be generated one by one. Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-passwords.html - [enterprise-search]: Kibana is now the new management interface, and the only one available moving forward. The old standalone Enterprise Search interface was removed in v8.0.0. Ref: https://www.elastic.co/guide/en/enterprise-search/current/user-interfaces.html
DanBrown47
pushed a commit
to DanBrown47/docker-elk
that referenced
this pull request
Jun 22, 2023
List of changes impacting docker-elk: - [logstash]: The output to Elasticsearch is handled as a data stream. Starting with v8.0.0, the `elasticsearch` output for Logstash sends log data to a data stream instead of `logstash-*` indices by default. The name of the default data stream is `logs-generic-default`. docker-elk remains unopinionated and simply uses Elastic's defaults like it always has, so users who prefer to retain the old behaviour need to explicitly opt-out of data streams in their Logstash pipelines. Refs: - https://www.elastic.co/guide/en/elasticsearch/reference/current/data-streams.html - https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-data-streams - [logstash]: The (legacy) monitoring data collection is now disabled. This feature was deprecated since v7.9.0, and removed in v8.0.0. Ref: https://www.elastic.co/guide/en/logstash/current/monitoring-internal-collection-legacy.html - [kibana]: An index pattern for `logs-*` indices is automatically created. It used to be required to manually create an index pattern for indices managed by Logstash, even when using the default Logstash indices. This is no longer the case since the output data is now being handled as a data stream, and Kibana automatically creates index patterns for these. - [elasticsearch]: The command line tool `elasticsearch-setup-passwords` was deprecated in favour of a new `elasticsearch-reset-password` tool. Passwords for built-in users must now be generated one by one. Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-passwords.html - [enterprise-search]: Kibana is now the new management interface, and the only one available moving forward. The old standalone Enterprise Search interface was removed in v8.0.0. Ref: https://www.elastic.co/guide/en/enterprise-search/current/user-interfaces.html
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sending this PR early so people can experiment with the new v8.x series.
Marking as draft until v8.0.0 gets officially released (2022-02-08 according to the Elastic product end of life dates page).
Closes #543
List of changes impacting docker-elk:
Logstash
The output to Elasticsearch is handled as a data stream.
Starting with v8.0.0, the
elasticsearchoutput for Logstash sends log data to a data stream instead oflogstash-*indices by default. The name of the default data stream islogs-generic-default. docker-elk remains unopinionated and simply uses Elastic's defaults like it always has, so users who prefer to retain the old behaviour need to explicitly opt-out of data streams in their Logstash pipelines.Refs:
The (legacy) monitoring data collection is now disabled.
This feature was deprecated since v7.9.0, and removed in v8.0.0.
Ref: https://www.elastic.co/guide/en/logstash/current/monitoring-internal-collection-legacy.html
Elasticsearch
The command line tool
elasticsearch-setup-passwordswas deprecated in favour of a newelasticsearch-reset-passwordtool.Passwords for built-in users must now be generated one by one.
Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-passwords.html
Kibana
An index pattern for
logs-*indices is automatically created.It used to be required to manually create an index pattern for indices managed by Logstash, even when using the default Logstash indices. This is no longer the case since the output data is now being handled as a data stream, and Kibana automatically creates index patterns for these.
Enterprise Search
Kibana is now the new management interface, and the only one available moving forward.
The old standalone Enterprise Search interface was removed in v8.0.0.
Ref: https://www.elastic.co/guide/en/enterprise-search/current/user-interfaces.html