How to deal with big payload fields in events?

asp · November 13, 2019, 3:03pm

Hi,

I am indexing logs which contains a field payload. The payload is some soap / xml statement which may become very big. I notice that if I want to view this event in discover panel, it the browser is hanging, the page is not loading. I tried to get the event via curl and the result was about 25 MB in size.

I want to be able to use kibana to view the event (other meta-information than payload). No need to view the payload in kibana, but then I need to export it via kibana (e.g. via csv export) to open it in an external editor in case of debugging.

What is best practice to deal with this?

Thanks, Andreas

azasypkin · November 13, 2019, 3:35pm

Hi @asp,

I think you can configure Default columns advanced setting to only display columns you need, by default it's _source (every possible field you documents have):

Notes:

this setting is space specific, so everyone in this space will be affected by this setting
you may need to clear localstorage once you change this setting (or just open Kibana in private tab)

Best,
Oleg

system · December 11, 2019, 3:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

How to deal with *big* payload fields in events?

How to deal with big payload fields in events?