Rotem Hermon created FLUME-2220:
-----------------------------------
Summary: ElasticSearch sink - duplicate fields in indexed document
Key: FLUME-2220
URL: https://issues.apache.org/jira/browse/FLUME-2220
Project: Flume
Issue Type: Bug
Affects Versions: v1.4.0
Reporter: Rotem Hermon
Priority: Minor
The default serializer for the ElasticSearch sink
(ElasticSearchLogStashEventSerializer) duplicates fields that are mapped to
default logstash fields.
For instance timestamp, source, host. Those appear both as logstash fields
("@timestamp", "@source_host" etc.), and both as fields under the @fields
("@fields.timestamp", "@fields.host").
When inserting a field from the headers as a logstash system field it should be
removed from the dictionary so it wouldn't get written again under the
"@fields" field.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
