How to deal with big payload fields in events?

asp · November 13, 2019, 3:03pm

Hi,

I am indexing logs which contains a field payload. The payload is some soap / xml statement which may become very big. I notice that if I want to view this event in discover panel, it the browser is hanging, the page is not loading. I tried to get the event via curl and the result was about 25 MB in size.

I want to be able to use kibana to view the event (other meta-information than payload). No need to view the payload in kibana, but then I need to export it via kibana (e.g. via csv export) to open it in an external editor in case of debugging.

What is best practice to deal with this?

Thanks, Andreas

azasypkin · November 13, 2019, 3:35pm

Hi @asp,

I think you can configure Default columns advanced setting to only display columns you need, by default it's _source (every possible field you documents have):

Notes:

this setting is space specific, so everyone in this space will be affected by this setting
you may need to clear localstorage once you change this setting (or just open Kibana in private tab)

Best,
Oleg

system · December 11, 2019, 3:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Huge fields - Mapping best practice Elasticsearch	7	280	July 19, 2022
How to show specific fields only? Kibana	1	1371	February 21, 2019
Getting Kibana to tell me which log entries are the largest Kibana	3	2684	January 31, 2018
Handling of large fields (strings or attachments) in Kibana Kibana	6	1204	July 6, 2017
Problem with large xml logs Kibana	2	546	June 11, 2019

How to deal with *big* payload fields in events?

Related topics

How to deal with big payload fields in events?