Hi all,
I wonder how people here manage the growing amount of mappings you see in some indices. Especially kubernetes logs tend to have a wild variety of field. In my situation, all kubernetes logs end up in the same index (ILM'ed to 50GB) and we now have 4800+ field in the index pattern.
This is beginning to throw mapping conflicts and "request entity too large" when refreshing the index pattern.
What is the best way to go about managing this growing list? Keep smaller indices? Separate the k8s logs more? Maybe more specific index patterns instead of logstash* ?