Hello,
To prevent getting this message: "{“type”:“illegal_argument_exception”,“reason”:“Document contains at least one immense term in field=“full_request” (whose UTF8 encoding is longer than the max length 32766), all of which were skipped. Please correct the analyzer to not produce such terms.”
I’m updating full_request field in current index by:
PUT graylog_xxx/_mapping/message
{
“properties”: {
“full_request” : {
“type” : “keyword”,
“ignore_above”: 8191
}
}
}
How it can be done for all future indices? I tried to add it to graylog-custom-mapping, but with no success.
Thanks in advance