Hi
Yes, that's a bummer unfortunately. Anyway i find it a bit weird that
`message` field is taking up so much space to trigger a breaker. It's not
even in the query so why it gets loaded? When i was monitoring my fielddata
and switching to doc_values in my setup other smaller fields were my
pro
Hi Daniel,
doc values don't work for analyzed string fields like "message":
Doc values are supported on almost all field types, with the notable
> exception of analyzed string fields.
>
Unfortunately that's exactly the field which trips the field data cache
circuit breaker in Jason's case.
you can change 'message' mapping template in ES via it's rest api, and add
`"doc_values": true` to some less needed fields, more info or doc values
here:
https://www.elastic.co/guide/en/elasticsearch/reference/current/doc-values.html
W dniu czwartek, 21 kwietnia 2016 00:48:57 UTC+2 użytkownik J
Hi Jason,
we'll gradually improve the error handling in Graylog if the need arises.
As for the underlying problem, I can only recommend the immensely unpopular
"throw hardware at it or reduce your data size". You can add more nodes to
your cluster or add more memory to the existing nodes (withi
