From 241a8b4cdece20273178c521ec22f62ff56c215c Mon Sep 17 00:00:00 2001 From: Marat Abrarov Date: Sat, 24 Jun 2023 23:07:29 +0300 Subject: [PATCH 1/5] pipeline: outputs: es: support of Upstream Signed-off-by: Marat Abrarov --- .../classic-mode/upstream-servers.md | 1 + pipeline/outputs/elasticsearch.md | 131 ++++++++++++------ 2 files changed, 91 insertions(+), 41 deletions(-) diff --git a/administration/configuring-fluent-bit/classic-mode/upstream-servers.md b/administration/configuring-fluent-bit/classic-mode/upstream-servers.md index 5f590af39..178b13eca 100644 --- a/administration/configuring-fluent-bit/classic-mode/upstream-servers.md +++ b/administration/configuring-fluent-bit/classic-mode/upstream-servers.md @@ -5,6 +5,7 @@ Fluent Bit [output plugins](../../../pipeline/outputs.md) aim to connect to exte An `Upstream` defines a set of nodes that will be targeted by an output plugin, by the nature of the implementation an output plugin must support the `Upstream` feature. The following plugin has `Upstream` support: - [Forward](../../../pipeline/outputs/forward.md) +- [Elasticsearch](../../../pipeline/outputs/elasticsearch.md) The current balancing mode implemented is `round-robin`. diff --git a/pipeline/outputs/elasticsearch.md b/pipeline/outputs/elasticsearch.md index 0c21f31f1..21414bf4c 100644 --- a/pipeline/outputs/elasticsearch.md +++ b/pipeline/outputs/elasticsearch.md @@ -10,47 +10,52 @@ The _Elasticsearch_ (`es`) output plugin lets you ingest your records into an [E This plugin has the following configuration parameters: -| Key | Description | Default | -| :--- | :--- | :--- | -| `Host` | IP address or hostname of the target Elasticsearch instance | `127.0.0.1` | -| `Port` | TCP port of the target Elasticsearch instance | `9200` | -| `Path` | Elasticsearch accepts new data on HTTP query path `/_bulk`. You can also serve Elasticsearch behind a reverse proxy on a sub-path. Define the path by adding a path prefix in the indexing HTTP POST URI. | Empty string | -| `compress` | Set payload compression mechanism. Option available is `gzip`. | _none_ | -| `Buffer_Size` | Specify the buffer size used to read the response from the Elasticsearch HTTP service. Use for debugging purposes where required to read full responses. Response size grows depending of the number of records inserted. To use an unlimited amount of memory, set this value to `False`. Otherwise set the value according to the [Unit Size](../../administration/configuring-fluent-bit.md#unit-sizes). | `512KB` | -| `Pipeline` | Define which pipeline the database should use. For performance reasons, it's strongly suggested to do parsing and filtering on Fluent Bit side, and avoid pipelines. | _none_ | -| `AWS_Auth` | Enable AWS Sigv4 Authentication for Amazon OpenSearch Service. | `Off` | -| `AWS_Region` | Specify the AWS region for Amazon OpenSearch Service. | _none_ | -| `AWS_STS_Endpoint` | Specify the custom STS endpoint to be used with STS API for Amazon OpenSearch Service | _none_ | -| `AWS_Role_ARN` | AWS IAM Role to assume to put records to your Amazon cluster | _none_ | -| `AWS_External_ID` | External ID for the AWS IAM Role specified with `aws_role_arn` | _none_ | -| `AWS_Service_Name` | Service name to use in AWS Sigv4 signature. For integration with Amazon OpenSearch Serverless, set to `aoss`. See [Amazon OpenSearch Serverless](opensearch.md) for more information. | `es` | -| `AWS_Profile` | AWS profile name | `default` | -| `Cloud_ID` | If using Elastic's Elasticsearch Service you can specify the `cloud_id` of the cluster running. The string has the format `:`. Once decoded, the `base64_info` string has the format `$$`. | _none_ | -| `Cloud_Auth` | Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud | _none_ | -| `HTTP_User` | Optional username credential for Elastic X-Pack access | _none_ | -| `HTTP_Passwd` | Password for user defined in `HTTP_User` | _none_ | -| `HTTP_API_Key` | API key for authenticating with Elasticsearch. Must be `base64` encoded. If `HTTP_User` or `Cloud_Auth` are defined, this parameter is ignored. | _none_ | -| `Index` | Index name | `fluent-bit` | -| `Type` | Type name | `_doc` | -| `Logstash_Format` | Enable Logstash format compatibility. This option takes a Boolean value: `True/False`, `On/Off` | `Off` | -| `Logstash_Prefix` | When `Logstash_Format` is enabled, the Index name is composed using a prefix and the date, e.g: If `Logstash_Prefix` is equal to `mydata` your index will become `mydata-YYYY.MM.DD`. The last string appended belongs to the date when the data is being generated. | `logstash` | -| `Logstash_Prefix_Key` | When included: the value of the key in the record will be evaluated as key reference and overrides `Logstash_Prefix` for index generation. If the key/value isn't found in the record then the `Logstash_Prefix` option will act as a fallback. The parameter is expected to be a [record accessor](../../administration/configuring-fluent-bit/classic-mode/record-accessor.md). | _none_ | -| `Logstash_Prefix_Separator` | Set a separator between `Logstash_Prefix` and date.| `-` | -| `Logstash_DateFormat` | Time format based on [strftime](https://man7.org/linux/man-pages/man3/strftime.3.html) to generate the second part of the Index name. | `%Y.%m.%d` | -| `Time_Key` | When `Logstash_Format` is enabled, each record will get a new timestamp field. The `Time_Key` property defines the name of that field. | `@timestamp` | -| `Time_Key_Format` | When `Logstash_Format` is enabled, this property defines the format of the timestamp. | `%Y-%m-%dT%H:%M:%S` | -| `Time_Key_Nanos` | When `Logstash_Format` is enabled, enabling this property sends nanosecond precision timestamps. | `Off` | -| `Include_Tag_Key` | When enabled, it append the Tag name to the record. | `Off` | -| `Tag_Key` | When `Include_Tag_Key` is enabled, this property defines the key name for the tag. | `_flb-key` | -| `Generate_ID` | When enabled, generate `_id` for outgoing records. This prevents duplicate records when retrying ES. | `Off` | -| `Id_Key` | If set, `_id` will be the value of the key from incoming record and `Generate_ID` option is ignored. | _none_ | -| `Write_Operation` | `Write_operation` can be any of: `create`, `index`, `update`, `upsert`. | `create` | -| `Replace_Dots` | When enabled, replace field name dots with underscore. Required by Elasticsearch 2.0-2.3. | `Off` | -| `Trace_Output` | Print all ElasticSearch API request payloads to `stdout` for diagnostics. | `Off` | -| `Trace_Error` | If ElasticSearch returns an error, print the ElasticSearch API request and response for diagnostics. | `Off` | -| `Current_Time_Index` | Use current time for index generation instead of message record. | `Off` | -| `Suppress_Type_Name` | When enabled, mapping types is removed and `Type` option is ignored. Elasticsearch 8.0.0 or higher [no longer supports mapping types](https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html), and is set to `On`. | `Off` | -| `Workers` | The number of [workers](../../administration/multithreading.md#outputs) to perform flush operations for this output. | `2` | +The **Overridable** column indicates if a key can be overridden in the NODE section of an +[Upstream](../../administration/configuring-fluent-bit/classic-mode/upstream-servers.md) +configuration. + +| Key | Description | Default | Overridable | +| :--- | :--- | :--- | :--- | +| `Host` | IP address or hostname of the target Elasticsearch instance. | `127.0.0.1` | Yes. Default value isn't applicable for NODE section of Upstream configuration, which requires `Host` to be specified. | +| `Port` | TCP port of the target Elasticsearch instance. | `9200` | Yes. Default value isn't applicable for NODE section of Upstream configuration, which requires `Port` to be specified. | +| `Path` | Elasticsearch accepts new data on HTTP query path `/_bulk`. You can also serve Elasticsearch behind a reverse proxy on a sub-path. Define the path by adding a path prefix in the indexing HTTP POST URI. | Empty string | Yes | +| `compress` | Set payload compression mechanism. Option available is `gzip`. | _none_ | Yes | +| `Buffer_Size` | Specify the buffer size used to read the response from the Elasticsearch HTTP service. Use for debugging purposes where required to read full responses. Response size grows depending of the number of records inserted. To use an unlimited amount of memory, set this value to `False`. Otherwise set the value according to the [Unit Size](../../administration/configuring-fluent-bit.md#unit-sizes). | `512KB` | Yes | +| `Pipeline` | Define which pipeline the database should use. For performance reasons, it's strongly suggested to do parsing and filtering on Fluent Bit side, and avoid pipelines. | _none_ | Yes | +| `AWS_Auth` | Enable AWS Sigv4 Authentication for Amazon OpenSearch Service. | `Off` | Yes | +| `AWS_Region` | Specify the AWS region for Amazon OpenSearch Service. | _none_ | Yes | +| `AWS_STS_Endpoint` | Specify the custom STS endpoint to be used with STS API for Amazon OpenSearch Service | _none_ | Yes | +| `AWS_Role_ARN` | AWS IAM Role to assume to put records to your Amazon cluster | _none_ | Yes | +| `AWS_External_ID` | External ID for the AWS IAM Role specified with `aws_role_arn` | _none_ | Yes | +| `AWS_Service_Name` | Service name to use in AWS Sigv4 signature. For integration with Amazon OpenSearch Serverless, set to `aoss`. See [Amazon OpenSearch Serverless](opensearch.md) for more information. | `es` | Yes | +| `AWS_Profile` | AWS profile name | `default` | Yes | +| `Cloud_ID` | If using Elastic's Elasticsearch Service you can specify the `cloud_id` of the cluster running. The string has the format `:`. Once decoded, the `base64_info` string has the format `$$`. | _none_ | No | +| `Cloud_Auth` | Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud | _none_ | Yes | +| `HTTP_User` | Optional username credential for Elastic X-Pack access | _none_ | Yes | +| `HTTP_Passwd` | Password for user defined in `HTTP_User` | _none_ | Yes | +| `HTTP_API_Key` | API key for authenticating with Elasticsearch. Must be `base64` encoded. If `HTTP_User` or `Cloud_Auth` are defined, this parameter is ignored. | _none_ | Yes | +| `Index` | Index name | `fluent-bit` | Yes | +| `Type` | Type name | `_doc` | Yes | +| `Logstash_Format` | Enable Logstash format compatibility. This option takes a Boolean value: `True/False`, `On/Off` | `Off` | Yes | +| `Logstash_Prefix` | When `Logstash_Format` is enabled, the Index name is composed using a prefix and the date, e.g: If `Logstash_Prefix` is equal to `mydata` your index will become `mydata-YYYY.MM.DD`. The last string appended belongs to the date when the data is being generated. | `logstash` | Yes | +| `Logstash_Prefix_Key` | When included: the value of the key in the record will be evaluated as key reference and overrides `Logstash_Prefix` for index generation. If the key/value isn't found in the record then the `Logstash_Prefix` option will act as a fallback. The parameter is expected to be a [record accessor](../../administration/configuring-fluent-bit/classic-mode/record-accessor.md). | _none_ | Yes | +| `Logstash_Prefix_Separator` | Set a separator between `Logstash_Prefix` and date.| `-` | Yes | +| `Logstash_DateFormat` | Time format based on [strftime](https://man7.org/linux/man-pages/man3/strftime.3.html) to generate the second part of the Index name. | `%Y.%m.%d` | Yes | +| `Time_Key` | When `Logstash_Format` is enabled, each record will get a new timestamp field. The `Time_Key` property defines the name of that field. | `@timestamp` | Yes | +| `Time_Key_Format` | When `Logstash_Format` is enabled, this property defines the format of the timestamp. | `%Y-%m-%dT%H:%M:%S` | Yes | +| `Time_Key_Nanos` | When `Logstash_Format` is enabled, enabling this property sends nanosecond precision timestamps. | `Off` | Yes | +| `Include_Tag_Key` | When enabled, it append the Tag name to the record. | `Off` | Yes | +| `Tag_Key` | When `Include_Tag_Key` is enabled, this property defines the key name for the tag. | `_flb-key` | Yes | +| `Generate_ID` | When enabled, generate `_id` for outgoing records. This prevents duplicate records when retrying ES. | `Off` | Yes | +| `Id_Key` | If set, `_id` will be the value of the key from incoming record and `Generate_ID` option is ignored. | _none_ | Yes | +| `Write_Operation` | `Write_operation` can be any of: `create`, `index`, `update`, `upsert`. | `create` | Yes | +| `Replace_Dots` | When enabled, replace field name dots with underscore. Required by Elasticsearch 2.0-2.3. | `Off` | Yes | +| `Trace_Output` | Print all ElasticSearch API request payloads to `stdout` for diagnostics. | `Off` | Yes | +| `Trace_Error` | If ElasticSearch returns an error, print the ElasticSearch API request and response for diagnostics. | `Off` | Yes | +| `Current_Time_Index` | Use current time for index generation instead of message record. | `Off` | Yes | +| `Suppress_Type_Name` | When enabled, mapping types is removed and `Type` option is ignored. Elasticsearch 8.0.0 or higher [no longer supports mapping types](https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html), and is set to `On`. | `Off` | Yes | +| `Workers` | The number of [workers](../../administration/multithreading.md#outputs) to perform flush operations for this output. | `2` | No | +| `Upstream` | If plugin will connect to an _Upstream_ instead of a simple host, this property defines the absolute path for the Upstream configuration file, for more details about this refer to the [Upstream Servers](../../administration/configuring-fluent-bit/classic-mode/upstream-servers.md) documentation section. | _none_ | No | If you have used a common relational database, the parameters `index` and `type` can be compared to the `database` and `table` concepts. @@ -58,6 +63,10 @@ If you have used a common relational database, the parameters `index` and `type` The Elasticsearch output plugin supports TLS/SSL. For more details about the properties available and general configuration, see [TLS/SSL](../../administration/transport-security.md). +### AWS Sigv4 Authentication and Upstream Servers + +The `http_proxy`, `no_proxy`, and `TLS` parameters used for AWS Sigv4 Authentication (for connection of plugin to AWS to generate authentication signature) are never picked from the `NODE` section of the [Upstream](../../administration/configuring-fluent-bit/classic-mode/upstream-servers.md) configuration. However, `TLS` parameters for connection of the plugin to Elasticsearch can be overridden in the `NODE` section of Upstream, even if AWS authentication is used. + ### `write_operation` The `write_operation` can be any of: @@ -149,6 +158,46 @@ pipeline: {% endtab %} {% endtabs %} +### Configuration File with Upstream + +In your main configuration file append the following _Input_ & _Output_ sections: + +```text +[INPUT] + Name cpu + Tag cpu + +[OUTPUT] + Name es + Match * + Upstream ./upstream.conf + Index my_index + Type my_type +``` + +Your [Upstream Servers](../../administration/configuring-fluent-bit/classic-mode/upstream-servers.md) +configuration file can be similar to the following: + +```text +[UPSTREAM] + name es-balancing + +[NODE] + name node-1 + host localhost + port 9201 + +[NODE] + name node-2 + host localhost + port 9202 + +[NODE] + name node-3 + host localhost + port 9203 +``` + ## Elasticsearch field names Some input plugins can generate messages where the field names contains dots (`.`). For Elasticsearch 2.0, this isn't allowed. The current `es` plugin replaces a dot with an underscore (`_`): From 454e5248dd9fde05d27135b9bbd1f1c5bdc9ba38 Mon Sep 17 00:00:00 2001 From: Marat Abrarov Date: Fri, 25 Oct 2024 06:37:15 +0300 Subject: [PATCH 2/5] pipeline: outputs: es: formatting of "Description" column Signed-off-by: Marat Abrarov --- pipeline/outputs/elasticsearch.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/pipeline/outputs/elasticsearch.md b/pipeline/outputs/elasticsearch.md index 21414bf4c..592d0be4f 100644 --- a/pipeline/outputs/elasticsearch.md +++ b/pipeline/outputs/elasticsearch.md @@ -24,22 +24,22 @@ configuration. | `Pipeline` | Define which pipeline the database should use. For performance reasons, it's strongly suggested to do parsing and filtering on Fluent Bit side, and avoid pipelines. | _none_ | Yes | | `AWS_Auth` | Enable AWS Sigv4 Authentication for Amazon OpenSearch Service. | `Off` | Yes | | `AWS_Region` | Specify the AWS region for Amazon OpenSearch Service. | _none_ | Yes | -| `AWS_STS_Endpoint` | Specify the custom STS endpoint to be used with STS API for Amazon OpenSearch Service | _none_ | Yes | -| `AWS_Role_ARN` | AWS IAM Role to assume to put records to your Amazon cluster | _none_ | Yes | -| `AWS_External_ID` | External ID for the AWS IAM Role specified with `aws_role_arn` | _none_ | Yes | +| `AWS_STS_Endpoint` | Specify the custom STS endpoint to be used with STS API for Amazon OpenSearch Service. | _none_ | Yes | +| `AWS_Role_ARN` | AWS IAM Role to assume to put records to your Amazon cluster. | _none_ | Yes | +| `AWS_External_ID` | External ID for the AWS IAM Role specified with `aws_role_arn`. | _none_ | Yes | | `AWS_Service_Name` | Service name to use in AWS Sigv4 signature. For integration with Amazon OpenSearch Serverless, set to `aoss`. See [Amazon OpenSearch Serverless](opensearch.md) for more information. | `es` | Yes | -| `AWS_Profile` | AWS profile name | `default` | Yes | +| `AWS_Profile` | AWS profile name. | `default` | Yes | | `Cloud_ID` | If using Elastic's Elasticsearch Service you can specify the `cloud_id` of the cluster running. The string has the format `:`. Once decoded, the `base64_info` string has the format `$$`. | _none_ | No | -| `Cloud_Auth` | Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud | _none_ | Yes | -| `HTTP_User` | Optional username credential for Elastic X-Pack access | _none_ | Yes | -| `HTTP_Passwd` | Password for user defined in `HTTP_User` | _none_ | Yes | +| `Cloud_Auth` | Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud. | _none_ | Yes | +| `HTTP_User` | Optional username credential for Elastic X-Pack access. | _none_ | Yes | +| `HTTP_Passwd` | Password for user defined in `HTTP_User`. | _none_ | Yes | | `HTTP_API_Key` | API key for authenticating with Elasticsearch. Must be `base64` encoded. If `HTTP_User` or `Cloud_Auth` are defined, this parameter is ignored. | _none_ | Yes | -| `Index` | Index name | `fluent-bit` | Yes | -| `Type` | Type name | `_doc` | Yes | -| `Logstash_Format` | Enable Logstash format compatibility. This option takes a Boolean value: `True/False`, `On/Off` | `Off` | Yes | +| `Index` | Index name. | `fluent-bit` | Yes | +| `Type` | Type name. | `_doc` | Yes | +| `Logstash_Format` | Enable Logstash format compatibility. This option takes a Boolean value: `True/False`, `On/Off`. | `Off` | Yes | | `Logstash_Prefix` | When `Logstash_Format` is enabled, the Index name is composed using a prefix and the date, e.g: If `Logstash_Prefix` is equal to `mydata` your index will become `mydata-YYYY.MM.DD`. The last string appended belongs to the date when the data is being generated. | `logstash` | Yes | | `Logstash_Prefix_Key` | When included: the value of the key in the record will be evaluated as key reference and overrides `Logstash_Prefix` for index generation. If the key/value isn't found in the record then the `Logstash_Prefix` option will act as a fallback. The parameter is expected to be a [record accessor](../../administration/configuring-fluent-bit/classic-mode/record-accessor.md). | _none_ | Yes | -| `Logstash_Prefix_Separator` | Set a separator between `Logstash_Prefix` and date.| `-` | Yes | +| `Logstash_Prefix_Separator` | Set a separator between `Logstash_Prefix` and date. | `-` | Yes | | `Logstash_DateFormat` | Time format based on [strftime](https://man7.org/linux/man-pages/man3/strftime.3.html) to generate the second part of the Index name. | `%Y.%m.%d` | Yes | | `Time_Key` | When `Logstash_Format` is enabled, each record will get a new timestamp field. The `Time_Key` property defines the name of that field. | `@timestamp` | Yes | | `Time_Key_Format` | When `Logstash_Format` is enabled, this property defines the format of the timestamp. | `%Y-%m-%dT%H:%M:%S` | Yes | From e1ef46fdf6ad7212711b40fe0040956f1ffea8f9 Mon Sep 17 00:00:00 2001 From: Marat Abrarov Date: Thu, 29 Aug 2024 16:49:47 +0300 Subject: [PATCH 3/5] pipeline: outputs: es: re-phrasing and re-wording, grammar fixes based on review comments. Signed-off-by: Marat Abrarov --- pipeline/outputs/elasticsearch.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pipeline/outputs/elasticsearch.md b/pipeline/outputs/elasticsearch.md index 592d0be4f..2c4ad6650 100644 --- a/pipeline/outputs/elasticsearch.md +++ b/pipeline/outputs/elasticsearch.md @@ -29,7 +29,7 @@ configuration. | `AWS_External_ID` | External ID for the AWS IAM Role specified with `aws_role_arn`. | _none_ | Yes | | `AWS_Service_Name` | Service name to use in AWS Sigv4 signature. For integration with Amazon OpenSearch Serverless, set to `aoss`. See [Amazon OpenSearch Serverless](opensearch.md) for more information. | `es` | Yes | | `AWS_Profile` | AWS profile name. | `default` | Yes | -| `Cloud_ID` | If using Elastic's Elasticsearch Service you can specify the `cloud_id` of the cluster running. The string has the format `:`. Once decoded, the `base64_info` string has the format `$$`. | _none_ | No | +| `Cloud_ID` | If using Elastic's Elasticsearch Service you can specify the `cloud_id` of the cluster running. The string has the format `:`. After decoding, the `base64_info` string has the format `$$`. | _none_ | No | | `Cloud_Auth` | Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud. | _none_ | Yes | | `HTTP_User` | Optional username credential for Elastic X-Pack access. | _none_ | Yes | | `HTTP_Passwd` | Password for user defined in `HTTP_User`. | _none_ | Yes | @@ -37,23 +37,23 @@ configuration. | `Index` | Index name. | `fluent-bit` | Yes | | `Type` | Type name. | `_doc` | Yes | | `Logstash_Format` | Enable Logstash format compatibility. This option takes a Boolean value: `True/False`, `On/Off`. | `Off` | Yes | -| `Logstash_Prefix` | When `Logstash_Format` is enabled, the Index name is composed using a prefix and the date, e.g: If `Logstash_Prefix` is equal to `mydata` your index will become `mydata-YYYY.MM.DD`. The last string appended belongs to the date when the data is being generated. | `logstash` | Yes | -| `Logstash_Prefix_Key` | When included: the value of the key in the record will be evaluated as key reference and overrides `Logstash_Prefix` for index generation. If the key/value isn't found in the record then the `Logstash_Prefix` option will act as a fallback. The parameter is expected to be a [record accessor](../../administration/configuring-fluent-bit/classic-mode/record-accessor.md). | _none_ | Yes | +| `Logstash_Prefix` | When `Logstash_Format` is enabled, the Index name is composed using a prefix and the date, For example, if `Logstash_Prefix` is equal to `mydata`, your index becomes `mydata-YYYY.MM.DD`. The last string appended belongs to the date when the data is being generated. | `logstash` | Yes | +| `Logstash_Prefix_Key` | When included: the value of the key in the record will be evaluated as key reference and overrides `Logstash_Prefix` for index generation. If the key/value isn't found in the record, the `Logstash_Prefix` option will act as a fallback. The parameter is expected to be a [record accessor](../../administration/configuring-fluent-bit/classic-mode/record-accessor.md). | _none_ | Yes | | `Logstash_Prefix_Separator` | Set a separator between `Logstash_Prefix` and date. | `-` | Yes | | `Logstash_DateFormat` | Time format based on [strftime](https://man7.org/linux/man-pages/man3/strftime.3.html) to generate the second part of the Index name. | `%Y.%m.%d` | Yes | -| `Time_Key` | When `Logstash_Format` is enabled, each record will get a new timestamp field. The `Time_Key` property defines the name of that field. | `@timestamp` | Yes | +| `Time_Key` | When `Logstash_Format` is enabled, each record gets a new timestamp field. The `Time_Key` property defines the name of that field. | `@timestamp` | Yes | | `Time_Key_Format` | When `Logstash_Format` is enabled, this property defines the format of the timestamp. | `%Y-%m-%dT%H:%M:%S` | Yes | | `Time_Key_Nanos` | When `Logstash_Format` is enabled, enabling this property sends nanosecond precision timestamps. | `Off` | Yes | | `Include_Tag_Key` | When enabled, it append the Tag name to the record. | `Off` | Yes | | `Tag_Key` | When `Include_Tag_Key` is enabled, this property defines the key name for the tag. | `_flb-key` | Yes | | `Generate_ID` | When enabled, generate `_id` for outgoing records. This prevents duplicate records when retrying ES. | `Off` | Yes | -| `Id_Key` | If set, `_id` will be the value of the key from incoming record and `Generate_ID` option is ignored. | _none_ | Yes | +| `Id_Key` | If set, `_id` is the value of the key from incoming record, and `Generate_ID` option is ignored. | _none_ | Yes | | `Write_Operation` | `Write_operation` can be any of: `create`, `index`, `update`, `upsert`. | `create` | Yes | | `Replace_Dots` | When enabled, replace field name dots with underscore. Required by Elasticsearch 2.0-2.3. | `Off` | Yes | | `Trace_Output` | Print all ElasticSearch API request payloads to `stdout` for diagnostics. | `Off` | Yes | | `Trace_Error` | If ElasticSearch returns an error, print the ElasticSearch API request and response for diagnostics. | `Off` | Yes | | `Current_Time_Index` | Use current time for index generation instead of message record. | `Off` | Yes | -| `Suppress_Type_Name` | When enabled, mapping types is removed and `Type` option is ignored. Elasticsearch 8.0.0 or higher [no longer supports mapping types](https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html), and is set to `On`. | `Off` | Yes | +| `Suppress_Type_Name` | When enabled, mapping types is removed and `Type` option is ignored. Elasticsearch 8.0.0 or later [doesn't support mapping types](https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html), which requires this value to be `On`. | `Off` | Yes | | `Workers` | The number of [workers](../../administration/multithreading.md#outputs) to perform flush operations for this output. | `2` | No | | `Upstream` | If plugin will connect to an _Upstream_ instead of a simple host, this property defines the absolute path for the Upstream configuration file, for more details about this refer to the [Upstream Servers](../../administration/configuring-fluent-bit/classic-mode/upstream-servers.md) documentation section. | _none_ | No | @@ -160,7 +160,7 @@ pipeline: ### Configuration File with Upstream -In your main configuration file append the following _Input_ & _Output_ sections: +In your main configuration file append the following `Input` and `Output` sections: ```text [INPUT] From 0c0f954b433ad203d522bf8dda36808044a0cbbc Mon Sep 17 00:00:00 2001 From: Marat Abrarov Date: Tue, 11 Mar 2025 23:53:26 +0300 Subject: [PATCH 4/5] pipeline: outputs: es: YAML format Upstream servers configuration Signed-off-by: Marat Abrarov --- pipeline/outputs/elasticsearch.md | 56 +++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 3 deletions(-) diff --git a/pipeline/outputs/elasticsearch.md b/pipeline/outputs/elasticsearch.md index 2c4ad6650..87f27bb0c 100644 --- a/pipeline/outputs/elasticsearch.md +++ b/pipeline/outputs/elasticsearch.md @@ -160,12 +160,14 @@ pipeline: ### Configuration File with Upstream -In your main configuration file append the following `Input` and `Output` sections: +#### Classic mode Configuration File with Upstream + +In your main classic mode configuration file append the following `Input` and `Output` sections: ```text [INPUT] - Name cpu - Tag cpu + Name dummy + Dummy { "message" : "this is dummy data" } [OUTPUT] Name es @@ -198,6 +200,54 @@ configuration file can be similar to the following: port 9203 ``` +#### YAML Configuration File with Upstream + +In your main YAML configuration file (fluent-bit.yaml) put the following `Input` and `Output` sections: + +```yaml +pipeline: + inputs: + - name: dummy + dummy: "{ \"message\" : \"this is dummy data\" }" + outputs: + - name: es + match: "*" + index: fluent-bit + type: my_type + upstream: ./upstream.yaml +``` + +Your Upstream Servers configuration file can use +[classic mode](../../administration/configuring-fluent-bit/classic-mode/upstream-servers.md) +(refer to "Classic mode Configuration File with Upstream" section at this page) or +[YAML format](../../administration/configuring-fluent-bit/yaml/upstream-servers-section.md). +If Upstream Servers configuration uses YAML format, then it can be placed in the same file as main configuration (for example, in fluent-bit.yaml), like: + +```yaml +pipeline: + inputs: + - name: dummy + dummy: "{ \"message\" : \"this is dummy data\" }" + outputs: + - name: es + match: "*" + index: fluent-bit + type: my_type + upstream: ./fluent-bit.yaml +upstream_servers: + - name: es-balancing + nodes: + - name: node-1 + host: localhost + port: 9201 + - name: node-2 + host: localhost + port: 9202 + - name: node-3 + host: localhost + port: 9203 +``` + ## Elasticsearch field names Some input plugins can generate messages where the field names contains dots (`.`). For Elasticsearch 2.0, this isn't allowed. The current `es` plugin replaces a dot with an underscore (`_`): From 92e24338b0a59f15a66518d558a7162cbe64384f Mon Sep 17 00:00:00 2001 From: Marat Abrarov Date: Tue, 28 Oct 2025 04:42:01 +0300 Subject: [PATCH 5/5] pipeline: outputs: es: formatting to match new requirements. Signed-off-by: Marat Abrarov --- pipeline/outputs/elasticsearch.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pipeline/outputs/elasticsearch.md b/pipeline/outputs/elasticsearch.md index 87f27bb0c..3c7e5a79f 100644 --- a/pipeline/outputs/elasticsearch.md +++ b/pipeline/outputs/elasticsearch.md @@ -10,14 +10,14 @@ The _Elasticsearch_ (`es`) output plugin lets you ingest your records into an [E This plugin has the following configuration parameters: -The **Overridable** column indicates if a key can be overridden in the NODE section of an +The **Overrides allowed** column indicates whether a key can be overridden in the `NODE` section of an [Upstream](../../administration/configuring-fluent-bit/classic-mode/upstream-servers.md) configuration. -| Key | Description | Default | Overridable | +| Key | Description | Default | Allows overrides | | :--- | :--- | :--- | :--- | -| `Host` | IP address or hostname of the target Elasticsearch instance. | `127.0.0.1` | Yes. Default value isn't applicable for NODE section of Upstream configuration, which requires `Host` to be specified. | -| `Port` | TCP port of the target Elasticsearch instance. | `9200` | Yes. Default value isn't applicable for NODE section of Upstream configuration, which requires `Port` to be specified. | +| `Host` | IP address or hostname of the target Elasticsearch instance. | `127.0.0.1` | Yes. Default value isn't applicable for `NODE` section of Upstream configuration, which requires `Host` to be specified. | +| `Port` | TCP port of the target Elasticsearch instance. | `9200` | Yes. Default value isn't applicable for `NODE` section of Upstream configuration, which requires `Port` to be specified. | | `Path` | Elasticsearch accepts new data on HTTP query path `/_bulk`. You can also serve Elasticsearch behind a reverse proxy on a sub-path. Define the path by adding a path prefix in the indexing HTTP POST URI. | Empty string | Yes | | `compress` | Set payload compression mechanism. Option available is `gzip`. | _none_ | Yes | | `Buffer_Size` | Specify the buffer size used to read the response from the Elasticsearch HTTP service. Use for debugging purposes where required to read full responses. Response size grows depending of the number of records inserted. To use an unlimited amount of memory, set this value to `False`. Otherwise set the value according to the [Unit Size](../../administration/configuring-fluent-bit.md#unit-sizes). | `512KB` | Yes | @@ -63,7 +63,7 @@ If you have used a common relational database, the parameters `index` and `type` The Elasticsearch output plugin supports TLS/SSL. For more details about the properties available and general configuration, see [TLS/SSL](../../administration/transport-security.md). -### AWS Sigv4 Authentication and Upstream Servers +### AWS Sigv4 authentication and Upstream servers The `http_proxy`, `no_proxy`, and `TLS` parameters used for AWS Sigv4 Authentication (for connection of plugin to AWS to generate authentication signature) are never picked from the `NODE` section of the [Upstream](../../administration/configuring-fluent-bit/classic-mode/upstream-servers.md) configuration. However, `TLS` parameters for connection of the plugin to Elasticsearch can be overridden in the `NODE` section of Upstream, even if AWS authentication is used. @@ -158,9 +158,9 @@ pipeline: {% endtab %} {% endtabs %} -### Configuration File with Upstream +### Configuration file with Upstream -#### Classic mode Configuration File with Upstream +#### Classic mode configuration file with Upstream In your main classic mode configuration file append the following `Input` and `Output` sections: @@ -200,7 +200,7 @@ configuration file can be similar to the following: port 9203 ``` -#### YAML Configuration File with Upstream +#### YAML configuration file with Upstream In your main YAML configuration file (fluent-bit.yaml) put the following `Input` and `Output` sections: