You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is the bug?
when attempting to add multiple integrations that contain log templates - the patterns collide and prevent correct creation of the specific integration's log index template
How can one reproduce the bug?
Setup AWS-ELB integration
Setup Nginx integration
The logs index templates are conflicting since they both share the next index pattern:
What is the expected behavior?
Since the logs index templates are not created in advance for all types of possible log combinations,
We need a clear distinction between each log associated for each integration:
Each integration will include the log mapping with a distinct name:
ELB will contain logs-elb where the index pattern inside the index template will be
And so on for the rest of the common log index templates.
This will prevent the collision both in the index-pattern and both in the index mapping template name that will be very explicit for which integration it addresses - this also makes the template priority redundant ...
Simplified query access
In addition to simplify the queries access to the index - each mapping will contain a shortened version of the index name - AKA alias:
For ss4o_logs-elb-* the template will contain the next index alias:
"aliases": {"logs-elb": {}},
This will simplify the queries and access patterns to the generated log indices and define the standard access convention in a meaningful format .
What is the bug?
when attempting to add multiple integrations that contain log templates - the patterns collide and prevent correct creation of the specific integration's log index template
How can one reproduce the bug?
Setup AWS-ELB integration
Setup Nginx integration
The logs index templates are conflicting since they both share the next index pattern:
What is the expected behavior?
Since the logs index templates are not created in advance for all types of possible log combinations,
We need a clear distinction between each log associated for each integration:
logs-elb
where the index pattern inside the index template will belogs-nginx
where the index pattern inside the index template will beAnd so on for the rest of the common log index templates.
This will prevent the collision both in the index-pattern and both in the index mapping template name that will be very explicit for which integration it addresses - this also makes the template priority redundant ...
Simplified query access
In addition to simplify the queries access to the index - each mapping will contain a shortened version of the index name - AKA alias:
For
ss4o_logs-elb-*
the template will contain the next index alias:This will simplify the queries and access patterns to the generated log indices and define the standard access convention in a meaningful format .
Do you have any additional context?
Avoid index pattern collisions
The text was updated successfully, but these errors were encountered: