Hey guys, maybe someone has noticed this before. It seems like Elasticsearch (out of the box) is applying an XML filter to the fields.

Input example for full_message field:

<?xml version="1.0" encoding="utf-8"?>
<Nest1>
  <Nest2>Success</Nest2>
  <Nest3>DoSomething</Nest4>
  <Nest4>8</Nest4>
  <Nest5>
    <Nest6>0</Nest6>
    <Nest7>
      <Nest8..

Result full_message field:

<?xml version="1.0" encoding="utf-8"?>
<Nest1>
  <Nest2>Success</Nest2>
  <Nest3>DoSomething</Nest3>
  <Nest4>8</Nest4>
  <Nest5>
  </Nest5>
</Nest1>

It seems like Elasticsearch is automatically completing the XML, discarding all tags that cannot be completed. In this case a 400kb XML is shortened to 65kb by code and then gets completely truncated to the result above.

Is there any way to prevent this by making a special configuration to Elasticsearch?

Thanks.