HomePhabricator
Diffusion Wikimedia Puppet 524c1e18bbe8

logstash: Update default mappings for Elasticsearch 2.x
524c1e18bbe8Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.
This commit no longer exists in the repository. It may have been part of a branch which was deleted.This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

logstash: Update default mappings for Elasticsearch 2.x

Update the default mapping template to coerce all non-string fields
without explicit mappings to strings.

Starting with Elasticsearch 2.x, fields with the same name, in the same
index, in different types, must have the same mapping. This is
problematic for our Logstash traffic where different applications may
(and do!) use common names like "code" and "status" as structured log
data with differing content. We have a "normalize_fields" filter that
has been used to try and clean up these differences, but that is
a fragile approach that could be broken at any time by a new application
or new event type for an existing application that has conflicts with
anything else in our logging environment.

Bug: T136001
Change-Id: I638d88e1d874fdb8be211bd74a1e36998d42dc09

Details

Provenance
bd808Authored on Jul 11 2016, 3:47 PM
ChangeId
I638d88e1d874fdb8be211bd74a1e36998d42dc09

Commit No Longer Exists

This commit no longer exists in the repository.
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL