Elasticsearch Field limit more than 1000

elasticsearch logstash geoip kibana-6 amazon-cloudtrail

You will have to either set an index template on the cluster.

You can use below template to set the settings for all indices that get added to the cluster. Once you index via logstash, below template will set the field limit to 2000 for all indices that are created.

PUT /_template/Global{    "index_patterns" : ["*"],    "order" : 0,    "settings" : {        "index.mapping.total_fields.limit" : "2000"    }        }

Note: You can change the pattern to "index_patterns" : ["cloudtrail-*"] if you want to use the settings for specific indices.

Another option is to use a logstash template as explained on this link

You should also consider restructuring your document mapping when the fields in one document go to such a high number, not all fields are always required in the response. Look into creating relations like Join/parent-child etc. to create smaller documents for efficiency.

CodeHunter

Elasticsearch Field limit more than 1000

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last