Our 'custom packages' currently state that changing the dataset will send the data to a different index. However, these packages create a template such as logs-udp.generic matching logs-udp.generic-* indices. This contradicts the text saying that changing the dataset will send the data to a different index.
Currently, the data itself will go into the new destination, however the initial component template is made to match the incorrect pattern.
In order to resolve this, our custom packages need to be convert to input packages (i.e. type: input)
We need to test the user experience when upgrading from a current custom package to the new input package. Are there breaking changes involved and to what extend? Depending on the experience, we may need to discuss deprecation of the current packages and shipping new v2 input packages (but hopefully that can be avoided). Fleet team will need to be engaged to discuss breaking changes. We can also co-ordinate efforts with other teams who own certain inputs.
List of packages to convert:
Related Issues
Supersedes - #8435
Our 'custom packages' currently state that changing the dataset will send the data to a different index. However, these packages create a template such as logs-udp.generic matching logs-udp.generic-* indices. This contradicts the text saying that changing the dataset will send the data to a different index.
Currently, the data itself will go into the new destination, however the initial component template is made to match the incorrect pattern.
In order to resolve this, our custom packages need to be convert to input packages (i.e. type: input)
We need to test the user experience when upgrading from a current custom package to the new input package. Are there breaking changes involved and to what extend? Depending on the experience, we may need to discuss deprecation of the current packages and shipping new v2 input packages (but hopefully that can be avoided). Fleet team will need to be engaged to discuss breaking changes. We can also co-ordinate efforts with other teams who own certain inputs.
List of packages to convert:
[ ] httpjson (consider depreaction here to avoid confusion over CEL vs httpjon)??[ ] AWS Logs (S3 and Cloudwatch inputs) (ownership still deciding, separate issue)Related Issues
Supersedes - #8435