Elasticsearch k8s labels issue #378
Comments
|
ref #370 |
|
Hello @jcantrill, How would you implement the extra configuration on this popular docker image ? That would unblock a lot of people as many projects still use the label "app" for their application name on top of the standard app.kubernetes.io/name label I've been looking/trying some work around without success including the one mentinoned in #370 Thank you |
|
Exactly as identified in the other issue: The problem is there is a 'first one wins' issue where in one case the type should be an object and the other should be a scalar. Elasticsearch does dynamic mapping so it does not know how to treat these conflicting case. Additionally, unless they have fixed it on their side, Elasticsearch treats dot delimited keys as a JSON path. This is at least the case for v6 and prior. I seem to recall they provided a config or bug fix to handle that case. We solve the issue by replacing these "path" bits with underscores which has proven to be the safer option. Note this is also what other observability tools have done (e.g. Prometheus, Loki) for likely the same issues. Its easier to tell someone to "convert your label to underscores when you query" then it is to try and do the escaping. |
After upgarding to latest fluentd chart, started to get error on the labels the plugin produces
2023-12-30 09:13:35 +0000 [warn]: #0 fluent/log.rb:383:warn: dump an error event: error_class=Fluent::Plugin::ElasticsearchErrorHandler::ElasticsearchError error="400 - Rejected by Elasticsearch [error type]: mapper_parsing_exception [reason]: 'object mapping for [kubernetes.labels.app] tried to parse field [app] as object, but found a concrete value'"is there option to add dedot flag to this plugin?
The text was updated successfully, but these errors were encountered: