Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to prevent auto-creating index with no matching index template #97032

Closed
axw opened this issue Jun 23, 2023 · 2 comments · Fixed by #101872
Closed

Option to prevent auto-creating index with no matching index template #97032

axw opened this issue Jun 23, 2023 · 2 comments · Fixed by #101872
Labels
:Data Management/Indices APIs APIs to create and manage indices and templates >enhancement Team:Data Management Meta label for data/management team

Comments

@axw
Copy link
Member

axw commented Jun 23, 2023
edited
Loading

Description

APM uses bulk indexing to data streams, and relies on automatic data stream creation on first document write. Index templates are set up by a different process (Kibana) than the one that writes the documents (APM Server).

If the index template is not created before a document is written, then a plain old index will be auto-created with default dynamic mapping rules which do match the expectations of our queries. To address this, we provide monitor privileges to APM Server so that it can query for the presence of index templates before writing documents. This is not ideal, as it increases the privileges (and therefore attack surface), and also more tightly couples APM Server to the index templates than should be necessary.

We would like a way to prevent writes from auto-creating an index if there is no matching index template. This might mean failing the request, or blocking the request for a configurable amount of time until a matching template has been installed.
@axw axw added >enhancement needs:triage Requires assignment of a team area label labels Jun 23, 2023
@pquentin pquentin added :Data Management/Indices APIs APIs to create and manage indices and templates and removed needs:triage Requires assignment of a team area label labels Jun 23, 2023
@elasticsearchmachine elasticsearchmachine added the Team:Data Management Meta label for data/management team label Jun 23, 2023
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-data-management (Team:Data Management)

@axw
Copy link
Member Author

axw commented Jun 25, 2023
edited
Loading

Probably a simpler option for us would be to introduce an index template built into Elasticsearch that matches traces-*-*, like we have for logs and metrics. I still think it could be a useful feature, but we wouldn't need it for APM if we had a built-in template.

EDIT: we did that, turns out it's insufficient as there's still a time window where the templates/pipelines don't exist while data can still be indexed.

@axw axw mentioned this issue Jun 28, 2023
Closed
@felixbarny felixbarny mentioned this issue Nov 3, 2023
Open
@eyalkoren eyalkoren mentioned this issue Nov 7, 2023
Merged
dakrone pushed a commit that referenced this issue Jan 18, 2024
@eyalkoren
Add require_data_stream feature (#101872)
6f4e293 
Closes #97032

Adding the ability to set `require_data_stream` parameter (boolean) on bulk and indexing APIs.
For document indexing, this flag requires the indexing operation to either be pointed at a data stream, or match a template that will create a data stream.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
:Data Management/Indices APIs APIs to create and manage indices and templates >enhancement Team:Data Management Meta label for data/management team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add require_data_stream feature eyalkoren/elasticsearch
3 participants
@pquentin @axw @elasticsearchmachine