Comments (15)
-1 on not having error.message.raw available in my kibana
that was one of the first things I wanted to build with my ELK setup
a list of error messages by number
from logstash-output-elasticsearch.
To add to this: we'd like to move to doc-values-by-default on all fields except for analyzed strings fields (which don't support doc values anyway). This not analyzed message
field is (almost?) always unique, which is essentially doubling the disk space required, with no benefit.
from logstash-output-elasticsearch.
Talked to @jsvd internally about it.
The 'message' field is usually used in 2 cases
- Original message field ( people forget to delete / modify it after parsing )
- people actually modify it with a sensible content. will most likely do free text search on it.
I think because of that it makes sense to have the .raw ( not_analyzed ) version to be dropped.
from logstash-output-elasticsearch.
+1 on omitting 'message.raw'
from logstash-output-elasticsearch.
@jordansissel i think you mean the opposite? "not having message not analyzed"?
from logstash-output-elasticsearch.
@clintongormley oops, typo! I updated my comment to be more accurate.
from logstash-output-elasticsearch.
+1
from logstash-output-elasticsearch.
-1 on not having message analyzed
+1 on not having the message.raw not analyzed
anything else to not vote on?
from logstash-output-elasticsearch.
+1 on not having a message.raw field :)
from logstash-output-elasticsearch.
Closed by #12
from logstash-output-elasticsearch.
-1 on not having error.message.raw available in my kibana
@derEremit This ticket was specifically about the top-level field named message
, not error.message
, so unless I am not understanding, your error.message
field will continue to behave the way you want :)
from logstash-output-elasticsearch.
@jordansissel
okay, I thought this ticket applies to my problem, as I don't get .raw fields on anything ending with message, on my unmodified logstash, elastic 2.3 setup
should I re-check and open a separate issue for that?
from logstash-output-elasticsearch.
Open a new issue
On Tuesday, September 20, 2016, Sebastian Paul [email protected]
wrote:
okay, I thought this ticket applies to my problem, as I don't get .raw
fields on anything ending with message, on my unmodified logstash, elastic
2.3 setupshould I re-check and open a separate issue for that?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#11 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAIC6u0YTEOhzyI77V99KHhVA303GNx-ks5qsF6kgaJpZM4C6F2b
.
from logstash-output-elasticsearch.
@jordansissel btw the way the template is defined at the moment will match any field whose name is message
(which includes foo.bar.message
). To limit it to just the top-level message
field, it should use path_match
instead of match
from logstash-output-elasticsearch.
I've opened a PR to do just what you describe @clintongormley
from logstash-output-elasticsearch.
Related Issues (20)
- `pipeline_shutdown_requested?` not found error with Logstash v7.17.x versions. HOT 2
- Invalid data stream configuration when using dlq_custom_codes option
- BREAKING: ssl_certificate_verification => true uses deprecated verifier since v11.14.0
- normalized SSL config not applied when LS core uses private-API build_client directly
- Unify the error behaviour for template installation and ilm
- Doc: Update docs to call out differences from standard offering
- Allow the creation of custom data streams HOT 1
- Reduce ES response size through use of filter_path HOT 3
- Use integration's metadata fields (id, index, pipeline) when present
- Use integration's metadata fields (_routing, _version, _version_type) when present
- New management of `version` and `version_type` corrupt datastreams processing
- Isolate datastream vs normal indexing decision into test fixture
- Plugin fails with permission denied error HOT 1
- Cannot bundle install due to gemspec deps HOT 1
- Doc: Update data streams info to explain implications of ECS settings
- Handling non UTF-8 data.
- Default values of `http_compression` and `compression_level` are incosistent HOT 2
- Determine if `data_streams => true` can be possible with ECS compatibility effectively disabled
- Doc: Expand `silence_errors_in_log` description to show possible values
- SSL settings changed and not documented HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from logstash-output-elasticsearch.