Closed nicenemo closed 2 years ago
I have traced this specific issue down to the HTTP input plugin's content-type-to-codec mapping (the additional_codecs
option, including its default value).
The HTTP input instantiates codec instances for its additional_codecs
option directly, without propagating the execution context. This means that those codecs do not have access to the pipeline settings, which in turn makes the deprecation noise legitimate -- if this pipeline were to be migrated to Logstash 8, the behaviour of those no-context codecs would use the default setting which would be a breaking change to the pipeline.
I have three paths forward for you:
Version 3.5.1 released today correctly contextualizes the inner codecs so that they can respect the pipeline setting (https://github.com/logstash-plugins/logstash-input-http/pull/152).
bin/logstash-plugin update logstash-input-http
Which should include the output:
Updated logstash-input-http 3.4.5 to 3.5.1
additional_codecs
If your HTTP endpoint only uses a single content type, you can bypass the problematic content-type-to-codec mapping and use only a single codec.
To do this, you will need to provide an empty mapping for content-type-to-codec to override the default:
additional_codecs => { }
And to provide a single codec matching your expected content-type; for JSON this would be:
codec => json
OR
codec => json {
# JSON codec directives inside these squiggles
}
pipeline.ecs_compatibility
in logstash.yml
Without the pipeline context, these codecs still fall back to global settings.
I believe this is fully-resolved with version 3.5.1 of the HTTP input plugin. Please feel free to reopen with additional details if this continues to be a problem after upgrading that plugin.
Logstash information:
Please include the following information:
bin/logstash --version
)Using bundled JDK: /usr/share/logstash/jdk
Plugins installed: (
bin/logstash-plugin list --verbose
)JVM (e.g.
java -version
): bundled with LogstashOS version (
uname -a
if on a Unix-like system):Linux elk 5.10.0-13-cloud-arm64 #1 SMP Debian 5.10.106-1 (2022-03-17) aarch64 GNU/Linux
Description of the problem including expected versus actual behavior:
We have data that adheres to a strict schema but will never be ECS compliant therefore we disabled ECS compatibility on a per pipeline basis in
pipelines.yml
. Still we get deprecation warning on ECS compatibility. We did not configure ECS compatibility within the pipeline definitions. We are NOT using Elasticsearch data streams for these pipelines as output. we do use Elasticsearch ILM as output and file output. Other input/outputs are pipeline and sqs.Still we see depreaction warnings.
Steps to reproduce:
Have one or more pipeline definitions with ecs compatibility set to disabled in
pipelines.yml
:All pipelines in the
pipelines.yml
are defines with ECS compatibility disabled.For now I did not include all pipeline definitions and configs because redacting those is a lot of work and I don't think adding those will add much.
Provide logs (if relevant):