In my system (Kibana 5.1.1) I have 1 event that creating mapping explosion by creating a field that looks something like foo<hashCode>
and we had lots of fooXXXX
, soon after we reach index.mapping.total_fields.limit
.
I change the event to stop doing that by changing it to an array so it would look like foo [hashcode1, hashcode1...]
. but now my system is clutter with those junk foo<hashcode>
.
Trying to recover I run from dev tool UI _delete_by_query
with a query that matches the problematic event.
The response looks valid (see below) but the number of fields didn't decrease - why is that? and how can I delete and reset the fields count
{
"took": 211,
"timed_out": false,
"total": 117,
"deleted": 117,
"batches": 1,
"version_conflicts": 0,
"noops": 0,
"retries": {
"bulk": 0,
"search": 0
},
"throttled_millis": 0,
"requests_per_second": -1,
"throttled_until_millis": 0,
"failures": []
}
I check the number of fields from UI -> Management and also indexing new events give Limit of total fields
error