Update ignore_above parameter permanently

ludaca · January 1, 2020, 1:09pm

Hello,
To prevent getting this message: "{“type”:“illegal_argument_exception”,“reason”:“Document contains at least one immense term in field=“full_request” (whose UTF8 encoding is longer than the max length 32766), all of which were skipped. Please correct the analyzer to not produce such terms.”
I’m updating full_request field in current index by:

PUT graylog_xxx/_mapping/message
{
“properties”: {
“full_request” : {
“type” : “keyword”,
“ignore_above”: 8191
}
}
}
How it can be done for all future indices? I tried to add it to graylog-custom-mapping, but with no success.
Thanks in advance

macko003 · January 2, 2020, 7:47am

you have to create a map, and you can assign the map with index name.

https://docs.graylog.org/en/3.1/pages/configuration/elasticsearch.html#custom-index-mappings

{
  "template": "graylog_*",
  "mappings" : {
    "message" : {
      "properties" : {
        "field_ip" : {
          "type" : "ip",
          "index" : "false"
        },
...

//YES, you HAVE TO make the json syntax correct with completion…

ludaca · January 5, 2020, 10:40am

It worked, thank you

system · January 19, 2020, 10:40am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog Index Failures Graylog Central (peer support)	3	1493	July 29, 2020
Getting ERROR Message in graylog-server log file Graylog Central (peer support)	4	3375	October 1, 2018
Elasticsearch Exception & Custom Index Template Graylog Central (peer support) basic-configuration	4	662	June 23, 2022
Elasticsearch custom index mapping Graylog Central (peer support) elastic	28	1955	February 14, 2023
Issues with Elasticsearch 7.10.1 Graylog Central (peer support)	8	1912	April 7, 2021

Update ignore_above parameter permanently

Related Topics