Ah, OK, so this is in the JSON body and not in an actual HEAD request. This
could be modified whereever META_TYPE is used. Do you know if this works
for older versions of ES as well? If not, is it somehow possible to detect
the ES version?
Rainer
2016-12-21 16:31 GMT+01:00 matthew.gaetano <matthew.gaet...@gmx.ca>:
> I have the same warning messages in my Elasticsearch deprecation log,
> though
> i have yet to sort it out, and likely wont until early January.
> Elasticsearch 5.X is still relatively new, thus omelasticsearch likely has
> not caught up to some of the recent API changes. I have myself yet to
> submit
> a request in github.
>
> In lieu of knowledge in modifying the omelasticsearch code the following
> can
> be done as a work around, or in general to modify the API request sent to
> elasticsearch.
>
> Using TCPDUMP you can see the whats submitted to the cluster and pick out
> the API header at the start of omelasticsearch submission; looks like:
>
> {"index":{"_index": "myindex-2016.12.21","type":"events"}}{<data>}
>
> Because omelasticsearch allows for dynamic templates we can be sneaky and
> modify the request by adding additional json to as a constant. The
> following
> is an example of adding a pipeline using the index template
> (dynSearchIndex).
>
> template(
> name="myindex"
> type="list"
> ){
> constant(value="myindex")
> constant(value="-")
> property(name="timegenerated" dateFormat="rfc3339"
> position.from="1" position.to="4")
> constant(value=".")
> property(name="timegenerated" dateFormat="rfc3339"
> position.from="6" position.to="7")
> constant(value=".")
> property(name="timegenerated" dateFormat="rfc3339"
> position.from="9" position.to="10")
> constant(value="\",\"pipeline\":\"mypipeline")
> }
>
> Now when we check the tcpdump output for the request we see the following:
> {"index":{"_index":
> "myindex-2016.12.21","pipeline":"mypipline","type":"events"}}{<data>}
>
> This is what I currently do to provide geoip information (as i have yet to
> sort out the rsyslog version) as well as re-map field names when there are
> conflicts. A good example is when using the regular json output from
> impstats.
>
> The same could possible be applied to the type template (dynSearchType) to
> modify the API. Though i have yet to try; Im not super optimastic that it
> will. In theroy it might look something like the following (Note that this
> also assumes this fixes the deprecation concerns.):
>
> template(
> name="mytype"
> type="list"
> ){
> constant(value="_mapping\":{")
> constant(value="mytype")
> constant(value="}")
> }
>
>
> Thanks
>
> ~Regards
>
>
>
> -----
> ~Regards
>
> Matthew Gaetano
> --
> View this message in context: http://rsyslog-users.1305293.
> n2.nabble.com/omelasticsearch-index-warning-tp7591961p7591997.html
> Sent from the rsyslog-users mailing list archive at Nabble.com.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
