Skip to content

Do you know: how to increase the amount of characters allowed in a field with the use of Elasticsearch?

Each week, a new “Do you know” will be posted on our Elastic Technical Knowledge Hub to share useful knowledge to improve the observability using Elasticsearch. These topics originate from day-to-day challenges we solved for our clients. A stepwise description helps you to successfully implement solutions on improving the performance of your deployment and get the best monitoring of your applications using dashboards and alerting.

This week I will discuss: how to increase the amount of characters allowed in a field with the use of Elasticsearch.


The default setting for Elasticsearch is a maximum of 256 characters. If the amount of characters exceeds this limit, the content will not be displayed in visualizations or as a query field in the Advanced Watchers.


Go to the Dev Tool in Kibana and create a new component template using the following command:

PUT _component_template/<a given component template name>
  "template": {
    "mappings": {
      "dynamic_templates": [],
      "properties": {
        "<the field name in your index that contains more than 256 characters>": {
          "type": "text",
      "fields": {
        "keyword": {
          "type": "keyword",
          "ignore_above": 1024 (a given number of characters that fits your need)

Go to your index template in Kibana using the menus: Stack Management Index Management Index Template add the new component template to your existing index template.

Perform an index rollover to the index that is linked to your index template.

POST <index name>/_rollover

To check whether your field has an increased number of allowed characters, perform the following command in the Dev Tool in Kibana:

GET <index name>/_mapping

Need help with your Elastic challenges? Contact our experts.

With our 25+ Elastic certified consultants, Devoteam is your partner for developing and implementing Monitoring & Observability solutions that facilitate optimal IT control, from Business & IT Operations dashboards to centralized logging and proactive alerting.