Problem with large xml logs

Canaparro · May 13, 2019, 8:37pm

I am trying to work with an ELK stack to log messages that contain, in some cases, large XML requests and responses about 30Mb each. They will not be used to search, but they should be retrievable for a given entry to reproduce bugs when needed.

Problem is that Kibana freezes when searching for those logs. I feel like Kibana is a great tool for log visualization and I would like to stick to it. In the worst case cenario, I would have to develop something just to query Elasticsearch without the request/response fields, and a functionality to do a separate search for a given entry's request/response, loosing on many Kibana visualization tools.

Any sugestions on how to work around this issue?

tylersmalley · May 14, 2019, 4:16pm

Is this only an issue in Discover?

By default, Discover it will display the _source field, which would include this XML data. Under Management > Advanced Settings > Default columns you can change that to be something other than _source which should resolve your issue.

system · June 11, 2019, 4:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cannot retrieve search results in kibana:[parent] Data too large, data for [indices:data/read/async_search/get] Kibana	3	547	September 25, 2023
Help for extra large load Elasticsearch	5	343	March 9, 2022
Kibana Discover: Request Timeout after 30000ms when searching large documents Kibana	5	11584	September 21, 2017
SearchError: Internal Server Error in 'Discover' Kibana	4	1677	February 3, 2020
Kibana is slowly reponsing Kibana	3	327	October 11, 2019

Problem with large xml logs

Related topics