Fix timestamp as object at root level for APM Server #97401
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
eyalkoren added :Data Management/Data streams 
elasticsearchmachine added Team:Data Management 
| Pinging @elastic/es-data-management (Team:Data Management) |
eyalkoren added >breaking >bug and removed Team:Data Management elasticsearchmachine added the Team:Data Management | Hi @eyalkoren, I've created a changelog YAML for you. |
carsonip approved these changes Jul 5, 2023
kruskall approved these changes Jul 5, 2023
felixbarny approved these changes Jul 5, 2023
eyalkoren changed the title eyalkoren changed the title 
| I used the ECS testing utility to verify that all current ECS fields are still covered with the modified state of the ECS dynamic templates. |
💔 Backport failedThe backport operation could not be completed due to the following error: You can use sqren/backport to manually backport by running |
eyalkoren added a commit to eyalkoren/elasticsearch that referenced this pull request Jul 9, 2023
felixbarny pushed a commit that referenced this pull request Jul 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
APM Server uses
timestamp.usat documents root level. When sending data with such field to alogs-*-*data stream, indexing fails with:failed to parse field [timestamp] of type [date] in document with id '<id>'.This happens because it clashes with the ECS dynamic template that maps
timestampfields to adate.The preferable solution would be to still automatically map such fields to
dateif they are of suitable candidate type (string,longordouble). We would have relied onmatch_mapping_type, but this setting doesn't support multiple type values and creating multiple dynamic templates to same patterns with differentmatch_mapping_typemake them clash with each other. Two possible enhancements can work well for our purpose:match_mapping_typesupport array of typesunmatch_mapping_type, which we would use to unmatchobjecttypeFor now, the quick fix would be to remove only the
path_match: timestampmapping, thus still support nested fields (likecode_signature.timestamp)