Hi, please post the complete message and the configuration of your Graylog node and the input you're using to ingest these messages.
Cheers, Jochen On Tuesday, 18 October 2016 11:17:00 UTC+2, 4BRobby wrote: > > Hey guys, > > Maybe someone has noticed this before. It seems like Elasticsearch (out of > the box) is applying an XML filter to the fields. > > Input-Example for full_message field: > <?xml version="1.0" encoding="utf-8"?> > <Nest1> > <Nest2>Success</Nest2> > <Nest3>DoSomething</Nest4> > <Nest4>8</Nest4> > <Nest5> > <Nest6>0</Nest6> > <Nest7> > <Nest8.. > > Result full_message field: > <?xml version="1.0" encoding="utf-8"?> > <Nest1> > <Nest2>Success</Nest2> > <Nest3>DoSomething</Nest3> > <Nest4>8</Nest4> > <Nest5> > </Nest5> > </Nest1> > > It seems like Elasticsearch is automatically completing the XML discarding > all tags that cannot be completed. > In this case an 400kb XML is shortened to 65kb by code and the gets > completely truncated to the result above. > > Is there any way to prevent this by making a special configuration to > elasticsearch? > > Thanks. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9b7b127c-1a06-444f-8670-d9c78407154e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
