Hey guys,
Maybe someone has noticed this before. It seems like Elasticsearch (out of
the box) is applying an XML filter to the fields.
Input example for full_message field:
<?xml version="1.0" encoding="utf-8"?>
<Nest1>
<Nest2>Success</Nest2>
<Nest3>DoSomething</Nest4>
<Nest4>8</Nest4>
<Nest5>
<Nest6>0</Nest6>
<Nest7>
<Nest8..
Result full_message field:
<?xml version="1.0" encoding="utf-8"?>
<Nest1>
<Nest2>Success</Nest2>
<Nest3>DoSomething</Nest3>
<Nest4>8</Nest4>
<Nest5>
</Nest5>
</Nest1>
It seems like Elasticsearch is automatically completing the XML, discarding
all tags that cannot be completed.
In this case a 400kb XML is shortened to 65kb by code and then gets
completely truncated to the result above.
Is there any way to prevent this by making a special configuration to
Elasticsearch?
Thanks.