We've noticed that our message seems incomplete in filebeat/logstash. Btw, the message field is our xml payload, and we need to store this for searching. When we stdout in filebeat, the message is somewhat cut, i wonder if field has maximum number of characters that was cut when it reaches the maximum? Kindly help. TIA
Are you using multiline?
By default multiline only publishes the first 500 lines.
By default an event is cut short at 10MB.
Check docs or reference configuration for max_bytes and max_lines settings.
yes, we do use multiline. Where is this max_bytes and max_lines configured? In filebeat yml?
these are per prospector settings.
max_bytes for limiting event size within the prospector.
multiline.max_lines to limit max lines.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.