Open arve0 opened 1 year ago
Workaround is specifying elasticsearch version, which works:
api_version: v8
@arve0 - can you check your logs to see if this line is emitted?
"Unexpected response from Elasticsearch endpoint `/`. Consider setting `api_version` option."
I do not have the deployment running, but I do have log saved to OpenShift logging. No matches when searching for
Unexpected response from Elasticsearch endpoint
I do find matches for
Healthcheck passed
@arve0 Thank you for following up.
I found the root issue here. Vector omits the _type
parameter if version >= 7
(code ref). This logic assumes that the version number is an ElasticSearch version number and does not correctly handle OpenSearch version numbers (latest today is 2.5). To fix this, we need to detect both the version number and backend type (ES or OS).
For now, you can continue to use the workaround until a fix is implemented.
This is still present in 0.39.0
, just the message changed to {"timestamp":"2024-07-10T13:57:36.040431Z","level":"WARN","message":"Failed to determine Elasticsearch API version. Please fix the reported error or set an API version explicitly via `api_version`.","assumed_version":"8","error":"EOF while parsing a value at line 1 column 0","target":"vector::sinks::elasticsearch::common","span":{"component_id":"opensearch","component_kind":"sink","component_type":"elasticsearch","name":"sink"},"spans":[{"component_id":"opensearch","component_kind":"sink","component_type":"elasticsearch","name":"sink"}]}
Any ETA when this will be resolved by removing the automatic detection and how it will affect any future differences between ES and OpenSearch?
This is still present in
0.39.0
, just the message changed to{"timestamp":"2024-07-10T13:57:36.040431Z","level":"WARN","message":"Failed to determine Elasticsearch API version. Please fix the reported error or set an API version explicitly via `api_version`.","assumed_version":"8","error":"EOF while parsing a value at line 1 column 0","target":"vector::sinks::elasticsearch::common","span":{"component_id":"opensearch","component_kind":"sink","component_type":"elasticsearch","name":"sink"},"spans":[{"component_id":"opensearch","component_kind":"sink","component_type":"elasticsearch","name":"sink"}]}
Any ETA when this will be resolved by removing the automatic detection and how it will affect any future differences between ES and OpenSearch?
You can disable the automatic detection by setting api_version
.
A note for the community
Problem
Seems like vector to 0.30.0 broke elasticsearch version detection for OpenSearch endpoints. Our upgrade was from 0.29.1 to 0.30.0. Endpoint is running OpenSearch 2.5.0.
Error log is:
Configuration
Settings to vector are:
Version
vector 0.30.0 (aarch64-unknown-linux-gnu 38c3f0b 2023-05-22 17:38:48.655488673)
Debug Output
No response
Example Data
No response
Additional Context
No response
References
No response