Uploaded image for project: 'Flume'
  1. Flume
  2. FLUME-2099

Add serializer to ElasticSearchSink for new logstash v1 format

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.4.0
    • None
    • Sinks+Sources
    • None

    Description

      The logstash maintainer has implemented an improved message schema for elasticsearch which he plans to deploy in the next version https://logstash.jira.com/browse/LOGSTASH-675

      The ElasticSearchSink aims to allow users to write just as if logstash does - largely so Kibana can work. A serializer should be added to allow the new format to be used.

      Benefits (from the logstash work item):

      • kibana isn't polluted with "@" symbols everywhere
      • most relevant data is in 'event fields' which is now top-level, no longer "@fields.somefield"
      • fewer "required" event fields.
      • the 'json' input format can go away or generally mean the same thing as json_event

      Attachments

        Issue Links

          is depended upon by

          Bug - A problem which impairs or prevents the functions of the product. FLUME-2220 ElasticSearch sink - duplicate fields in indexed document

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Patch Available

          Activity

            People

              Unassigned Unassigned
              ejsarge Edward Sargisson
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: