Fields count in elasticsearch indice

malcolm666 · December 9, 2020, 2:23pm

Hi.
I have elasticsearch, Grafana and some beats deployed in k8s. Version is 7.6.1.
There are some fields from my configuration:

# env values
      - env:
        - name: cluster.name
          value: k8s-logs
        - name: node.name
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: discovery.seed_hosts
          value: es-cluster-0.elasticsearch,es-cluster-1.elasticsearch,es-cluster-2.elasticsearch
        - name: cluster.initial_master_nodes
          value: es-cluster-0,es-cluster-1,es-cluster-2
        - name: ES_JAVA_OPTS
          value: -Xms7g -Xmx7g
        - name: ELASTIC_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: elasticsearch-password
        - name: http.max_header_size
          value: 20000kb
        - name: xpack.security.enabled
          value: "true"
        - name: xpack.security.transport.ssl.enabled
          value: "true"
        - name: xpack.security.transport.ssl.verification_mode
          value: certificate
        - name: xpack.security.transport.ssl.keystore.path
          value: /usr/share/elasticsearch/config/elastic-certificates.p12
        - name: xpack.security.transport.ssl.truststore.path
          value: /usr/share/elasticsearch/config/elastic-certificates.p12
        - name: xpack.monitoring.collection.enabled
          value: "true"
        - name: xpack.monitoring.elasticsearch.collection.enabled
          value: "false"

# resources
        resources:
          limits:
            cpu: "3"
            memory: 14Gi
          requests:
            cpu: "3"
            memory: 14Gi

All works good. We have one index pattern (filebeat-*) in kibana with huge mount of fields (62000 fields)
Kibana works very slow when opening setting of this index pattern and when opening the dashboard that uses this index pattern.
So... Please, help me understand the issue. Is it "normal" to have so many fields in index pattern?

warkolm · December 9, 2020, 10:37pm

What version(s) of the stack are you using?

malcolm666 · December 10, 2020, 6:31am

I wrote it in my message
7.6.1

warkolm · December 10, 2020, 6:32am

For the entire stack - Elasticsearch, Kibana and beats?

malcolm666 · December 10, 2020, 6:32am

Sure

warkolm · December 10, 2020, 6:33am

Ok, what modules are you loading in Beats?

malcolm666 · December 10, 2020, 6:37am

For filebeat I am using two versions - 6.8.12 (deployed outside of k8s) and 7.6.1 (inside of k8s).
So much fields are generated in 6.8.12 version of filebeat. This filebeat uses log as input without modules.
The problem is not with beat. I am just asking about fields count.

warkolm · December 10, 2020, 6:40am

Yeah but Filebeat is generating these fields, so it's a relevant area.

It's not really normal to have an index with that many fields. I don't know if this situation improved in later versions, but let me move this over to Beats and see if anyone can help.

malcolm666 · December 10, 2020, 6:41am

Thanks! Will wait for answer

warkolm · December 10, 2020, 6:42am

system · January 7, 2021, 6:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why filebeat create so many fields in the index of elasticsearch Beats filebeat	2	1120	May 16, 2019
Kibana index pattern fields number doesn't match elasticsearch mapping fileds number Kibana	4	528	July 30, 2018
Cisco Filebeat module loading 4286 fields Beats beats-module , filebeat	4	496	October 8, 2020
Get current number of fields in index Elasticsearch	2	5876	August 4, 2017
Kibana 5.1.2/ES 5.1.2 - Index patterns with more than 1000 fields Kibana	4	4973	February 22, 2017

Fields count in elasticsearch indice

Related topics