Unable to update the index.mapping.total_fields.limit value

We are trying to poll the data from a device (PDU) through SNMP Input Plugin. The device MIB file has been imported to ELK logstash, as per SNMP input plugin | Logstash Reference [8.3] | Elastic.
When executing the snmp.conf by ( /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-snmp.conf) getting an error - 'Could not index event to Elasticsearch - Limit of total fields [1000] has been exceeded while adding new fields'.

[WARN ] 2022-08-09 06:05:19.081 [[main]>worker6] elasticsearch - Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"snmp", :routing=>nil}, {"cpiPduBranchPower.3.12.48.48.48.69.68.51.48.48.70.69.54.48" => 0
:response=>{"index"=>{"_index"=>"snmp", "_id"=>"nh4QgoIBizjuIP1-21th", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception",
"reason"=>"failed to parse", "caused_by"=>{"type"=>"illegal_argument_exception",
"reason"=>"Limit of total fields [1000] has been exceeded while adding new fields [169]"}}}}}

Trying to update the default value (1000) to 2000 by using the below command, but the value is not updating.. How do I update this value.

curl -s -XPUT https://elasticsearchIP/snmp/_settings  -H 'Content-Type: application/json' -d '{"index.mapping.total_fields.limit": 2000}'

More conversation about this topic on - Elasticsearch - Could not index event to Elasticsearch status=>400
Please suggest.

What happens when you run the curl?

I don't see any error when I run curl. Its just executing smoothly but the value didn't get update.

Ok but what happens, please post the command and the output you are seeing. Please do not post an image of it either

I am able to update the value through Dev Tools on Kibana as below,

PUT (IndicesName*)/_settings 
{
  "index.mapping.total_fields.limit": 2000
}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.