Performance impact from large fields.yml?

JD_Kemsley · March 16, 2020, 6:50pm

After a vanilla install of metricbeat on an EC2 instance, I enabled the system module in metricbeat.yml. I did not modify fields.yml, and after turning on metricbeat, I now see a huge number of fields in my index pattern:
Screen Shot 2020-03-16 at 1.40.21 PM

I understand that I can modify fields.yml to change what fields metricbeat tells elasticsearch about the index. There are a few questions that remain unanswered in the docs however:

What are the performance implications of having so many fields defined this way? There is no data for most of these fields in any of the matching indices.
Is there an easy way to manage fields.yml to only send info on fields that are used in currently enabled modules? I can technically edit fields.yml but editing a 10,000-line file is pretty onerous.

system · April 13, 2020, 6:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Too many field in metricbeat Beats metricbeat	9	1555	September 8, 2020
Metricbeat extra fields Beats metricbeat	2	263	August 11, 2020
Filebeat and Metricbeat index have tens of thousands of fields Beats filebeat , metricbeat	1	166	March 12, 2024
ES 2.3 -> 5.x metricbeat index field limit Beats metricbeat	12	3185	January 3, 2017
Unable to limit FileBeat fields Beats filebeat	3	344	February 17, 2021

Performance impact from large fields.yml?

Related Topics