Mapper Size in Graylog


(Eroji) #1

I am trying configure Graylog so that I am to search for messages and find out what sizes they are in ElasticSearch after a sudden recent up in disk consumption in the cluster. I have the Mapper Size plugin installed on all the ES nodes and configured the custom index template to enable _size field by default for messages. However, I am not seeing that field show up anywhere in Graylog. What am I missing? Or do I just have a completely misunderstanding on how this plugin is supposed to work?


#2

Have you tried to show all fileds in graylog?
But I’m not sure, it will show the _size field.
You can also check the search in elasticsearch via elasticsearch API. It will show the field.
Or you can try elasticdump to dump the full database.


(Eroji) #3

Yup, I tried that in Graylog already. I tried searching with ES API, which showed results but none of the fields returned on the results it supposedly found included _size. Not entirely sure if it’s working at all.


#4

unfortunately I can’t suggest more.
https://community.graylog.org/t/adding–size-field/1353/2


(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.