Is there an easy way to figure how the messages being put into ES based on their size? We are seeing a sudden increase in the storage space consumed and believe it's related continuous large messages being dumped into the cluster.
Trying to understand what is the correct process to take to get this working in Graylog running on ES data nodes.
The current state of my configuration
- I have the index configured in Graylog and ES as "graylog" after I have everything installed.
- I installed the mapper size plugin installed on the ES nodes.
- I have the cluster online with Graylog input running.
- I am able to generate test GELF UDP inputs and have the cluster accept the log message.
At this point, from what I've read, I need to create a new index with mapper size "_size" field added to the mapping?