
Do you know: how to increase the number of fields allowed in your Data View in Kibana?

Each week, a new “Do You Know” will be posted on our Elastic Technical Knowledge Hub to share useful knowledge for improving observability with Elasticsearch. These topics originate from day-to-day challenges we have solved for our clients. A stepwise description helps you implement solutions that improve the performance of your deployment and get the best monitoring of your applications using dashboards and alerting.

This week I will discuss: how to increase the number of fields allowed in your data view.

Background

By default, Elasticsearch allows a maximum of 1000 fields in an index. The number of fields in your index can grow much larger than this default value of 1000. Documents that contain new fields pushing the total number of fields above 1000 won’t be indexed. To solve this issue, you can increase the maximum number of fields allowed in your index with the index.mapping.total_fields.limit setting.

Solution

Go to Dev Tools in Kibana and create a new component template using the following command. The advantage of creating a component template is that you can add it to any index template you like.

PUT _component_template/<a given component template name>
{
  "template": {
    "settings": {
      "index.mapping.total_fields.limit": 90000
    }
  }
}

Go to your index template in Kibana using the menus: Stack Management > Index Management > Index Template and add the new component template to your existing index template. Please note that the template can be assigned to any index template you like.

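Perform a rollover on the index that is linked to your index template. Settings from a template are only applied when an index is created, so the new limit takes effect on the index created by the rollover.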

POST <index name>/_rollover
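The field limit guards against mapping explosion, so it is worth measuring how many fields an index really holds before picking a value such as 90000. The script below is an added example, not part of the original post: it counts the fields in the JSON returned by GET <index name>/_mapping and reports the share of the limit in use. The sample mapping and the index name logs-000001 are constructed, and the counting rules (objects, aliases, multi-fields and runtime fields each count as one) are an approximation of how Elasticsearch counts.

```python
import json

# Constructed sample: the shape returned by GET <index name>/_mapping.
SAMPLE_MAPPING = json.loads("""
{
  "logs-000001": {
    "mappings": {
      "runtime": {"day_of_week": {"type": "keyword"}},
      "properties": {
        "@timestamp": {"type": "date"},
        "message": {"type": "text",
                    "fields": {"keyword": {"type": "keyword"}}},
        "host": {"properties": {
          "name": {"type": "keyword"},
          "ip": {"type": "ip"}}},
        "hostname": {"type": "alias", "path": "host.name"}
      }
    }
  }
}
""")

DEFAULT_LIMIT = 1000  # default value of index.mapping.total_fields.limit


def count_fields(node):
    """Count mappers under one mapping node: leaf fields, objects,
    aliases and multi-fields each count as one."""
    total = 0
    for key in ("properties", "fields"):
        for child in node.get(key, {}).values():
            total += 1 + count_fields(child)
    return total


def field_usage(mapping_response, limit=DEFAULT_LIMIT):
    """Return {index: (field_count, fraction_of_limit)} for each index."""
    usage = {}
    for index, body in mapping_response.items():
        mappings = body.get("mappings", {})
        count = count_fields(mappings) + len(mappings.get("runtime", {}))
        usage[index] = (count, count / limit)
    return usage


if __name__ == "__main__":
    for index, (count, share) in field_usage(SAMPLE_MAPPING).items():
        print(f"{index}: {count} fields, {share:.1%} of limit {DEFAULT_LIMIT}")
```

Save the real _mapping response to a file and pass the parsed JSON to field_usage to see how close each index is to its limit.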

Need help with your Elastic challenges? Contact our experts.

With our 25+ Elastic certified consultants, Devoteam is your partner for developing and implementing Monitoring & Observability solutions that facilitate optimal IT control, from Business & IT Operations dashboards to centralized logging and proactive alerting.