Add reference page for default log component templates #2689
Conversation
| ```json | ||
| PUT _index_template/my-logs-template | ||
| { | ||
| "index_patterns": ["my-logs-template"], | ||
| "composed_of": ["ecs@mappings", "logs@mappings", "logs@settings"], | ||
| "priority": 200 | ||
| } | ||
| ``` |
There was a problem hiding this comment.
Example based on content from this page.
🔍 Preview links for changed docs |
|
|
||
| * Sets `@timestamp` to ingest time if missing. | ||
| * Contains a hook to the optional [`logs@custom`](#customize-preprocessing-with-logscustom) pipeline. | ||
| * Sets `ignore_malformed` to `true` globally. With this setting, documents with malformed fields can be indexed without causing ingestion failures. Refer to [ignore_malformed](elasticsearch://reference/elasticsearch/mapping-reference/ignore-malformed.md) for a list of supported fields. |
There was a problem hiding this comment.
It also includes ignore_dynamic_beyond_limit.
| * Defines ECS `data_stream.*` fields: | ||
| * `data_stream.type`: constant_keyword, value `logs` | ||
| * `data_stream.dataset`: constant_keyword, for example `nginx.access` (must be ≤ 100 characters, no `-`) | ||
| * `data_stream.namespace`: constant_keyword, for example `production` (must be ≤ 100 characters, no `-`) |
There was a problem hiding this comment.
These can also be links to ECS, e.g. https://www.elastic.co/docs/reference/ecs/ecs-data_stream#field-data-stream-namespace
|
|
||
| Configures default index settings for logs data streams: | ||
|
|
||
| * Sets `@timestamp` to ingest time if missing. |
There was a problem hiding this comment.
The component template references a default pipeline (logs@default-pipeline) which in turn sets @timestamp if missing.
| Configures default index settings for logs data streams: | ||
|
|
||
| * Sets `@timestamp` to ingest time if missing. | ||
| * Contains a hook to the optional [`logs@custom`](#customize-preprocessing-with-logscustom) pipeline. |
There was a problem hiding this comment.
The logs@default-pipeline ingest pipeline contains a hook to the logs@custom ingest pipeline
|
|
||
| Elastic applies a managed index template to data streams that follow the `logs-*-*` index pattern. This index template references a set of reusable component templates and an optional `@custom` ingest pipeline that standardizes how log data streams are mapped, indexed, and preprocessed. | ||
|
|
||
| The managed `logs` index template has a priority of `100` and is automatically applied to any data stream following the `logs-*-*` index pattern, unless you override it with your own higher-priority index template. |
There was a problem hiding this comment.
LogsDB is also enabled in this index template
|
@LucaWintergerst can you please have a look? The last part encourages users to follow the |
This PR adds a new reference page under
/solutions/observability/logs/that documents the default component templates applied to logs data streams.Closes #1863