I am seeing below warning in graylog server log, any idea to avoid this ?? i though this issue is fixed in 2.2 [1]: index [graylog_9], type [message], id [829d2eb0-05b8-11e7-8dc2-5254007b267d], message [java.lang.IllegalArgumentException: Document contains at least one immense term in field="workfl…

See these topics/issues: [image] Beats Input - bytes can be at most 32766 in length Graylog Central (peer support) Hi Guys I’ve deployed Graylog to use for a syslog solution. Currently using Sidecar to do the collections of winlogs only. Been running a week and started …

Is there any way stop from filebeat side, mean sikp the message with morethan 32KB from client side itself I tried to configure max_bytes with 32760, but its not working

according to this file one option is available to limit the size: https://github.com/elastic/beats/blob/master/filebeat/filebeat.full.yml#L199

you can use a pipeline rule truncating that field like I did: rule “truncate winlogbeat_event_data_Binary” when has_field(“winlogbeat_event_data_Binary”) then let winlogbeat_event_data_Binary = substring(“winlogbeat_event_data_Binary”, 32760); set_field(“winlogbeat_event_data_Binary”, winlogb…

Hello, I have the same problem (Graylog 3.0.3) and we use a rule and still we see the error message Error: {“type”:“illegal_argument_exception”,“reason”:“Document contains at least one immense term in field=“logmessage” (whose UTF8 encoding is longer than the max length 32766), all of which were …

you need to lower the bytes as elasticsearch does have different values for the characters that you fill in.

@jan : Not sure if I understand you. We tried to limit it at 16K, no luck. We limit 2 other fields in size too. No problems with those.

The magic length seems to be 16382 (16K - 2). We see no issues when we apply rules shortening to this length.

Warning Immense term in field in graylog serverlog

Graylog Central (peer support)

jochen (Jochen) March 11, 2017, 12:45pm 2

See these topics/issues:

Topic		Replies	Views
Where the length limitation comes from or is set up? Graylog Central (peer support)	1	1668	February 22, 2017
Graylog Index Failures Graylog Central (peer support)	3	1727	July 29, 2020
Beats Input - bytes can be at most 32766 in length Graylog Central (peer support) pipeline-rules , sidecar , winlogbeat	17	5569	June 7, 2017
Document contains at least one immense term ERROR Graylog Central (peer support) elastic	3	631	January 24, 2024
Identify source and reason of bad messages Graylog Central (peer support)	9	3388	February 23, 2017

Warning Immense term in field in graylog serverlog

Related topics