Skip to content

Use the logs.ecs index instead of logs #17909

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rdner merged 1 commit into from
Mar 23, 2026
+10 −5
Merged

Use the logs.ecs index instead of logs #17909

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/filestream/agent/input/filestream.yml.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{{#if use_logs_stream}}
index: logs
index: logs.ecs
{{else}}

data_stream:
Expand Down
5 changes: 5 additions & 0 deletions packages/filestream/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "2.4.0"
changes:
- description: 'Use the `logs.ecs` index instead of `logs` when "Use logs data stream" is enabled.'
type: enhancement
link: https://github.com/elastic/integrations/pull/17909
- version: "2.3.3"
changes:
- description: Remove duplicated ECS mappings from package template
Expand Down
8 changes: 4 additions & 4 deletions packages/filestream/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@ name: filestream
title: Custom Logs (Filestream)
description: Collect log data using filestream with Elastic Agent.
type: input
version: 2.3.3
version: 2.4.0
conditions:
kibana:
version: "^9.2.0"
version: "^9.4.0"
categories:
- custom
- custom_logs
Expand Down Expand Up @@ -40,9 +40,9 @@ policy_templates:
When enabled, filestream will decompress GZIP-compressed files (.gz) as they are read. For full details, see the [documentation](https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-filestream#reading-gzip-files). If enabled, you **must** also remove the '\.gz$' pattern from the "Exclude Files" setting to ensure `.gz` files are ingested. Available for Elastic Agent 9.2.0 in beta and for Elastic Agent 9.3.0 or newer in GA.
- name: use_logs_stream
type: bool
title: Use the "logs" data stream
title: Use the "logs.ecs" data stream
description: |
When enabled, data ingested by this integration is written to the "logs" data stream. **The 'Ingest Pipeline' and the configured 'Dataset name' are ignored**. You also need to [Turn on wired streams](https://www.elastic.co/docs/solutions/observability/streams/wired-streams#streams-wired-streams-enable) in Streams [Settings](/app/streams) and to enable **Allow agents to write to Streams** for the output policy in the Fleet [Settings](/app/fleet/settings) tab. [Learn more](https://www.elastic.co/docs/solutions/observability/streams/wired-streams).
When enabled, data ingested by this integration is written to the "logs.ecs" data stream. **The 'Ingest Pipeline' and the configured 'Dataset name' are ignored**. You also need to [Turn on wired streams](https://www.elastic.co/docs/solutions/observability/streams/wired-streams#streams-wired-streams-enable) in Streams [Settings](/app/streams) and to enable **Allow agents to write to Streams** for the output policy in the Fleet [Settings](/app/fleet/settings) tab. [Learn more](https://www.elastic.co/docs/solutions/observability/streams/wired-streams).
required: false
show_user: true
default: false
Expand Down
Loading