This value should be a sane default. Modern versions require more
resources, and nowadays any consumer hardware should be able to have
access to this amount of memory.
Additionally, do not set a lower bound on the heap size, so that unused
space isn't unnecessarily committed to the JVM.
'ecs_compatibility' is now on by default, therefore Logstash indices are
created with the naming pattern "ecs-logstash-*" when data streams are
disabled ('data_stream => false').
When data streams are disabled in Logstash's "elasticsearch" output
('data_stream => false'), Logstash falls back to managing "logstash-*"
indices and creates an index template with ILM enabled.
In this process, a write index for the alias "logstash" is created. This
step requires the "manage" privilege on the "logstash" alias.
Fixes#679
Prior to this version, surrounding quotes (single and double) were
preserved in values coming from the '.env' file, which is counter
intuitive and goes against the recommended practice of quoting values
containing special characters, such as passwords.
Closes#677
List of changes impacting docker-elk:
- [logstash]: The output to Elasticsearch is handled as a data stream.
Starting with v8.0.0, the `elasticsearch` output for Logstash sends
log data to a data stream instead of `logstash-*` indices by default.
The name of the default data stream is `logs-generic-default`.
docker-elk remains unopinionated and simply uses Elastic's defaults
like it always has, so users who prefer to retain the old behaviour
need to explicitly opt-out of data streams in their Logstash
pipelines.
Refs:
- https://www.elastic.co/guide/en/elasticsearch/reference/current/data-streams.html
- https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-data-streams
- [logstash]: The (legacy) monitoring data collection is now disabled.
This feature was deprecated since v7.9.0, and removed in v8.0.0.
Ref: https://www.elastic.co/guide/en/logstash/current/monitoring-internal-collection-legacy.html
- [kibana]: An index pattern for `logs-*` indices is automatically
created.
It used to be required to manually create an index pattern for indices
managed by Logstash, even when using the default Logstash indices.
This is no longer the case since the output data is now being handled
as a data stream, and Kibana automatically creates index patterns for
these.
- [elasticsearch]: The command line tool `elasticsearch-setup-passwords`
was deprecated in favour of a new `elasticsearch-reset-password` tool.
Passwords for built-in users must now be generated one by one.
Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-passwords.html
- [enterprise-search]: Kibana is now the new management interface, and
the only one available moving forward.
The old standalone Enterprise Search interface was removed in v8.0.0.
Ref: https://www.elastic.co/guide/en/enterprise-search/current/user-interfaces.html
dependabot[bot]
Antoine Cotten
docker-elk-updater[bot]
Yuri Pereira Constante