Each week, a new “Do you know” will be posted on our Elastic Technical Knowledge Hub to share useful knowledge to improve the observability using Elasticsearch. These topics originate from day-to-day challenges we solved for our clients. A stepwise description helps you to successfully implement solutions on improving the performance of your deployment and get the best monitoring of your applications using dashboards and alerting.
This week I will discuss: how to increase the amount of characters allowed in a field with the use of Elasticsearch.
Background
The default setting for Elasticsearch is a maximum of 256 characters. If the amount of characters exceeds this limit, the content will not be displayed in visualizations or as a query field in the Advanced Watchers.
Solution
Step 1
Go to the Dev Tool in Kibana and create a new component template using the following command:
PUT _component_template/<a given component template name>
{
"template": {
"mappings": {
"dynamic_templates": [],
"properties": {
"<the field name in your index that contains more than 256 characters>": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 1024 (a given number of characters that fits your need)
}
}
}
}
}
}
}
Step 2
Go to your index template in Kibana using the menus: Stack Management → Index Management → Index Template → add the new component template to your existing index template.
Step 3
Perform an index rollover to the index that is linked to your index template.
POST <index name>/_rollover
Step 4
To check whether your field has an increased number of allowed characters, perform the following command in the Dev Tool in Kibana:
GET <index name>/_mapping
Need help with your Elastic challenges? Contact our experts.
With our 25+ Elastic certified consultants, Devoteam is your partner for developing and implementing Monitoring & Observability solutions that facilitate optimal IT control, from Business & IT Operations dashboards to centralized logging and proactive alerting.