I am monitoring a bunch of servers using the ELK stack. I want to monitor custom Java processes that are being run from jars on those servers. I am trying to split the line graph using the system.process.cmdline.keyword feature. But the system.process.cmdline.keyword field is absent for some types of command while the corresponding system.process.cmdline is present. I am guessing the .keyword conversion logic fails in these cases.
Does not work for this.
Works for this. Please notice the difference in the command line field in both cases.
Any help here is appreciated. Been stuck on this for long.
Hi @lukas, Please find the mapping for system.process.cmdline.keyword. Providing only a snippet here which I think is relevant, as the entire mapping is more than 800 lines. Let me know if you need more info. Thanks
Okay, I was able to get it working after increasing the ignore_above limit for one index. But this leads me to another problem. I am maintaining an ELK stack and my indexes are created by the Logstash output on a daily basis. So I cannot manually update the mapping every day. I want to increase/remove this limit permanently for all the indexes that will be created. How can this be achieved?
Thanks for your response @lukas. Please find the Logstash config which is sending data to Elasticsearch for indexing. Can you please let me know how I can provide the custom mapping?
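
Added example, not part of the original posts: a Python sketch of why long Java command lines drop out of system.process.cmdline.keyword under the default dynamic mapping (ignore_above of 256) and of an index template body that raises the limit for every future daily index. The index pattern, the sample command lines, the doubling headroom and the use of composable templates (Elasticsearch 7.8+) are assumptions.

```python
import json

LUCENE_SAFE_MAX = 8191   # 32766-byte Lucene term limit / 4 bytes per UTF-8 char

def keyword_indexed(value: str, ignore_above: int) -> bool:
    """A keyword field silently skips strings longer than ignore_above characters."""
    return len(value) <= ignore_above

def suggest_ignore_above(samples, floor=256):
    """Twice the longest observed command line, kept inside the safe range."""
    longest = max(len(s) for s in samples)
    return min(max(longest * 2, floor), LUCENE_SAFE_MAX)

def build_template(index_pattern: str, ignore_above: int) -> dict:
    """Body for PUT _index_template/<name> (assumed: composable templates, ES 7.8+)."""
    cmdline = {"type": "text", "fields": {
        "keyword": {"type": "keyword", "ignore_above": ignore_above}}}
    return {
        "index_patterns": [index_pattern],
        "priority": 200,
        "template": {"mappings": {"properties": {"system": {"properties": {
            "process": {"properties": {"cmdline": cmdline}}}}}}},
    }

# Constructed sample command lines (not taken from the thread).
SHORT_CMD = "java -jar /opt/app/agent.jar"
LONG_CMD = ("java -Xmx2g -cp "
            + ":".join(f"/opt/app/lib/dep{i}.jar" for i in range(40))
            + " com.example.Worker")

if __name__ == "__main__":
    for cmd in (SHORT_CMD, LONG_CMD):
        print(len(cmd), "indexed at 256:", keyword_indexed(cmd, 256))
    limit = suggest_ignore_above([SHORT_CMD, LONG_CMD])
    # "my-daily-index-*" is a placeholder for the daily Logstash index pattern.
    print(json.dumps(build_template("my-daily-index-*", limit), indent=2))
```

A template only affects indices created after it is installed, which fits daily index creation; existing indices keep their old mapping until reindexed.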