I am trying configure Graylog so that I am to search for messages and find out what sizes they are in ElasticSearch after a sudden recent up in disk consumption in the cluster. I have the Mapper Size plugin installed on all the ES nodes and configured the custom index template to enable _size field by default for messages. However, I am not seeing that field show up anywhere in Graylog. What am I missing? Or do I just have a completely misunderstanding on how this plugin is supposed to work?
Have you tried to show all fileds in graylog?
But I’m not sure, it will show the _size field.
You can also check the search in elasticsearch via elasticsearch API. It will show the field.
Or you can try elasticdump to dump the full database.
Yup, I tried that in Graylog already. I tried searching with ES API, which showed results but none of the fields returned on the results it supposedly found included _size. Not entirely sure if it’s working at all.
unfortunately I can’t suggest more.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.