Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Doc: Add notes and guidelines for elasticsearch svrless #1164

Merged
merged 5 commits into from
Dec 13, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
## 11.22.2
- [DOC] Add content for sending data to Elasticsearch on serverless [#1164](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1164)

## 11.22.1
- Fix, avoid to populate `version` and `version_type` attributes when processing integration metadata and datastream is enabled. [#1161](https://github.com/logstash-plugins/logstash-output-elasticsearch/pull/1161)

Expand Down
70 changes: 46 additions & 24 deletions docs/index.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ the website landing page or in the {ref}[Elasticsearch documentation].

.Compatibility Note
[NOTE]
================================================================================
=====
When connected to Elasticsearch 7.x, modern versions of this plugin
don't use the document-type when inserting documents, unless the user
explicitly sets <<plugins-{type}s-{plugin}-document_type>>.
Expand All @@ -42,9 +42,30 @@ picks up changes to the Elasticsearch index template.
If you are using a custom <<plugins-{type}s-{plugin}-template>>,
ensure your template uses the `_doc` document-type before
connecting to Elasticsearch 7.x.
================================================================================
=====

===== Hosted {es} Service on Elastic Cloud
[id="plugins-{type}s-{plugin}-serverless"]
==== {ls} to {es-serverless}

You can use this plugin to send your {ls} data to {es-serverless}.
Some differences to note between {es-serverless} and self-managed {es}:

* Use *API keys* to access {serverless-full} from {ls}.
Any user-based security settings in your in your <<plugins-outputs-elasticsearch,{es} output plugin>> configuration are ignored and may cause errors.
* {es-serverless} uses *data streams* and {ref}/data-stream-lifecycle.html[{dlm} ({dlm-init})] instead of {ilm} ({ilm-init}).
Any {ilm-init} settings in your <<plugins-outputs-elasticsearch,{es} output plugin>> configuration are ignored and may cause errors.
* *{ls} monitoring* is available through the https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md[{ls} Integration] in {serverless-docs}/observability/what-is-observability-serverless[Elastic Observability] on {serverless-full}.

.Known issue for {ls} to {es-serverless}
****
The logstash-output-elasticsearch `hosts` setting on {serverless-short} defaults the port to 9200 when omitted.
Set the value to port :443 instead.
****

karenzone marked this conversation as resolved.
Show resolved Hide resolved
For more info on sending data from {ls} to {es-serverless}, check out the {serverless-docs}/elasticsearch/what-is-elasticsearch-serverless[{es-serverless} docs].

[id="plugins-{type}s-{plugin}-ess"]
==== Hosted {es} Service on Elastic Cloud

{ess-leadin}

Expand All @@ -68,8 +89,8 @@ and will correctly reject events with fields that conflict and cannot be coerced
The {es} output plugin can store both time series datasets (such
as logs, events, and metrics) and non-time series data in Elasticsearch.

The data stream options are recommended for indexing time series datasets (such
as logs, metrics, and events) into {es}:
Use the data stream options for indexing time series datasets (such
as logs, metrics, and events) into {es} and {es-serverless}:

* <<plugins-{type}s-{plugin}-data_stream>>
* <<plugins-{type}s-{plugin}-data_stream_auto_routing>>
Expand Down Expand Up @@ -200,27 +221,28 @@ The list of error codes accepted for DLQ could be customized with <<plugins-{typ
but should be used only in motivated cases.

[id="plugins-{type}s-{plugin}-ilm"]
==== Index Lifecycle Management
==== {ilm-cap} ({ilm-init})

[NOTE]
The Index Lifecycle Management feature requires plugin version `9.3.1` or higher.
--
* The {ilm-cap} ({ilm-init}) feature does not apply for {es-serverless}.
Any {ilm-init} settings in your plugin configuration are ignored and may cause errors.
* The {ilm-init} feature requires plugin version `9.3.1` or higher.
* This feature requires an {es} instance of 6.6.0 or higher with at least a Basic license
--

[NOTE]
This feature requires an Elasticsearch instance of 6.6.0 or higher with at least a Basic license
{ls} can use {ref}/index-lifecycle-management.html[{ilm}] to automate the management of indices over time.

Logstash can use {ref}/index-lifecycle-management.html[Index Lifecycle
Management] to automate the management of indices over time.

The use of Index Lifecycle Management is controlled by the `ilm_enabled`
The use of {ilm} is controlled by the `ilm_enabled`
setting. By default, this setting detects whether the Elasticsearch instance
supports ILM, and uses it if it is available. `ilm_enabled` can also be set to
`true` or `false` to override the automatic detection, or disable ILM.
supports {ilm-init}, and uses it if it is available. `ilm_enabled` can also be set to
`true` or `false` to override the automatic detection, or disable {ilm-init}.

This will overwrite the index settings and adjust the Logstash template to write
the necessary settings for the template to support index lifecycle management,
This will overwrite the index settings and adjust the {ls} template to write
the necessary settings for the template to support {ilm},
including the index policy and rollover alias to be used.

Logstash will create a rollover alias for the indices to be written to,
{ls} creates a rollover alias for the indices to be written to,
including a pattern for how the actual indices will be named, and unless an ILM
policy that already exists has been specified, a default policy will also be
created. The default policy is configured to rollover an index when it reaches
Expand All @@ -246,14 +268,14 @@ See config below for an example:
}
}

NOTE: Custom ILM policies must already exist on the Elasticsearch cluster before they can be used.

NOTE: If the rollover alias or pattern is modified, the index template will need to be
[NOTE]
--
* Custom ILM policies must already exist on the {es} cluster before they can be used.
* If the rollover alias or pattern is modified, the index template will need to be
overwritten as the settings `index.lifecycle.name` and
`index.lifecycle.rollover_alias` are automatically written to the template

NOTE: If the index property is supplied in the output definition, it will be overwritten by the rollover alias.

* If the index property is supplied in the output definition, it will be overwritten by the rollover alias.
--

==== Batch Sizes

Expand Down
2 changes: 1 addition & 1 deletion logstash-output-elasticsearch.gemspec
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = 'logstash-output-elasticsearch'
s.version = '11.22.1'
s.version = '11.22.2'
s.licenses = ['apache-2.0']
s.summary = "Stores logs in Elasticsearch"
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
Expand Down