Performance impact from large fields.yml?

After a vanilla install of metricbeat on an EC2 instance, I enabled the system module in metricbeat.yml. I did not modify fields.yml, and after turning on metricbeat, I now see a huge number of fields in my index pattern:
Screen Shot 2020-03-16 at 1.40.21 PM

I understand that I can modify fields.yml to change what fields metricbeat tells elasticsearch about the index. There are a few questions that remain unanswered in the docs however:

  1. What are the performance implications of having so many fields defined this way? There is no data for most of these fields in any of the matching indices.
  2. Is there an easy way to manage fields.yml to only send info on fields that are used in currently enabled modules? I can technically edit fields.yml but editing a 10,000-line file is pretty onerous.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.