We are trying to poll the data from a device (PDU) through SNMP Input Plugin. The device MIB file has been imported to ELK logstash, as per SNMP input plugin | Logstash Reference [8.3] | Elastic.
When executing the snmp.conf by ( /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-snmp.conf) getting an error - 'Could not index event to Elasticsearch - Limit of total fields [1000] has been exceeded while adding new fields'.
[WARN ] 2022-08-09 06:05:19.081 [[main]>worker6] elasticsearch - Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"snmp", :routing=>nil}, {"cpiPduBranchPower.3.12.48.48.48.69.68.51.48.48.70.69.54.48" => 0
:response=>{"index"=>{"_index"=>"snmp", "_id"=>"nh4QgoIBizjuIP1-21th", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception",
"reason"=>"failed to parse", "caused_by"=>{"type"=>"illegal_argument_exception",
"reason"=>"Limit of total fields [1000] has been exceeded while adding new fields [169]"}}}}}
Trying to update the default value (1000) to 2000 by using the below command, but the value is not updating.. How do I update this value.
curl -s -XPUT https://elasticsearchIP/snmp/_settings -H 'Content-Type: application/json' -d '{"index.mapping.total_fields.limit": 2000}'
More conversation about this topic on - Elasticsearch - Could not index event to Elasticsearch status=>400
Please suggest.
