Hi,
My development team has created a custom header that is sent along with their requests. Is it possible to do a search for the custom header name or it's value from the search field. I'm trying things listed under context.response.headers but am not having any luck.
Thanks.
Hi,
Since headers are not indexed as keyword by default, they are not searchable.
The safest way would be to get your Dev team to use the agent public APIs and set the values of these headers as labels in the transaction that corresponds the request handling (meaning - programmatically read the custom header and add a label to the traced transaction). Labels will be searchable.
Alternatively, you can try and change the mappings of the Transaction indices, and make your custom header searchable. I tried the following and it worked:
fields.yml fileCustom_header, edit the fields.yml and replace the headers section under http -> request from: - name: headers
type: object
enabled: false
description: >
The canonical headers of the monitored HTTP request.
to:
- name: headers
type: group
description: >
The canonical headers of the monitored HTTP request.
fields:
- name: Custom_header
type: keyword
description: >
My custom header
overwrite: true
apm-server.yml file so that setup.template.overwrite is set to true
apm-<version>-transaction-<index-ID> in your index management. Once a new transaction index gets created, the mapping should be proper, and your custom header should become searchable.However, notice that changing the template manually may cause some unexpected behaviour, for example when upgrading, so decide whether you want to take this risk.
I hope this helps,
Eyal.
Hi @ethranes,
another possibility is to use the experimental config option setup.template.append_fields in the APM Server config file to index additional fields. The advantage is that you don't need to manually reapply the changes on upgrades, as long as you have have this option configured.
Please note that from >= 7.0 on context.response.headers.* fields are stored as http.response.headers.* in Elasticsearch. Also note that the headers are canonicalized, e.g. content-type will be resolved to Content-Type.
More concrete, for indexing e.g. context.response.headers.content-type, you would update the apm-server.yml to include the following:
setup.template.enabled: true
setup.template.overwrite: true
setup.template.append_fields:
- name: http.response.headers
type: object
- name: http.response.headers.Content-Type
type: keyword
As @Eyal_Koren already pointed out all changes to templates are only applied for new indices.
Let us know if that works for you.
This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.