Elastic /_bulk API response missing items array
#607
Comments
|
Is this a recent requirement? I do not recall this being mandatory for clients inserting data |
|
It appears in the the 7.17 docs (maybe earlier versions too? that's just the oldest I could find on the Elastic site) https://www.elastic.co/guide/en/elasticsearch/reference/7.17/docs-bulk.html#bulk-api-response-body I'm not sure how many clients actually require it. |
|
Indeed this sounds like as horrible as anything Elastic. My personal take is returning an empty array would be worse than returning nothing as it would suggest no action was performed potentially leading the client into repeating the bulk insertion. Out of curiosity have you considered just using one of the other log insertion methods without such silly requirements? The results are the same when querying data back. |
|
That is a good point w.r.t. returning empty array. I do wonder whether I could get logs going into a |
|
@awesense-paul IMHO vector does fantastic with qryn logs and its one of the lighter agents out there |
|
Taking a look! Can it insert directly into CH? Or do you typically use the Loki sink (or other qryn-supported protocol)? |
|
For most agents using a loki sink with bulking works great - using direct CH ingestion really only makes a noticeable difference at huge volumes but I'm curious to know what you end up choosing and happy to assist if we can |
The elastic bulk API HTTP response contains an array field "
items" (which includes the full documents that were inserted), but qryn does not include that field.(I am using rsyslog w/
omelasticsearchoutput module, and it logs a warning that theitems[]array is missing. For my purposes, the response only needs to contain an empty array to avoid the warning)The text was updated successfully, but these errors were encountered: