elastic / logstash

Logstash - transport and process your logs, events, or other data
https://www.elastic.co/products/logstash
Other
106 stars 3.51k forks source link

(output.elasticsearch) force user agent to be logstash #16449

Open stefnestor opened 2 months ago

stefnestor commented 2 months ago

👋 howdy, team!

For the Logstash API outputs or at least for its Elasticsearch output would you kindly consider forcing its HTTP user agent to report as Logstash? "Manticore" still creeps through sometimes-almost-randomly which most team mates don't know how to interpret.

Example from Elastic Cloud proxy logging showing even recent versions affected by user_agent: Manticore *

Image

Image

Vs expected user agent formats Logstash/* like

Image

TIA! 🙏

(Self-note: data uncertainty would be further exposed once es#112845 done, but concern would be reduced by ls#16448 if implemented instead.)

robbavey commented 2 months ago

@stefnestor That is surprising, as we have set the user-agent to Logstash/xxxx in all of our Elasticsearch plugins for a while now - we have shipped versions of the elasticsearch input, filter and output that populated the user-agent with Logstash/<VERSION> since 7.16.0. They used manticore-0.7.1, so I am surprised to see versions of manticore higher than that in your proxy logs.

What does the handling_version in the first table refer to?

Is there a way to understand which endpoints are being hit, so we can isolate where we believe the issue is? I would be particularly interested in seeing the proxy logs when the user-agent is Manticore > 0.7.1