logs.nimbus: specify json.msg as default query field

This avoids errors like this: ``` failed to create query: field expansion matches too many fields, limit: 1024, got: 1046 ``` Which is caused by default being a wildcard, that causes querying of available fields, which in case of Nimbus logs is more than 1024. This could be fixed by increasing `max_clasue_count`, but a cleaner solution is simply limiting queries without a field specified to `json.msg`. https://www.elastic.co/guide/en/elasticsearch/reference/7.17/index-modules.html#dynamic-index-settings https://www.elastic.co/guide/en/kibana/7.17/upgrade-assistant-api-default-field.html Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-09-25 14:28:11 +02:00 · 2024-09-25 14:28:11 +02:00 · dd218622e3
parent 659f34779d
commit dd218622e3
2 changed files with 4 additions and 1 deletions
--- a/ansible/group_vars/logs.nimbus.yml
+++ b/ansible/group_vars/logs.nimbus.yml
@ -38,6 +38,9 @@ es_number_of_replicas: 0
 # Bump due to large number of fields in JSON logs.
 es_mapping_total_fields_limit: 1500

+# Query optimization to not search throguh all fields. Can be a list.
+es_default_query_default_field: ['json.msg']
+
 # JVM Memory settings
 es_jvm_g1gc_enabled: true
 es_jvm_heap_auto: false
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -78,7 +78,7 @@

 - name: infra-role-elasticsearch
  src: git@github.com:status-im/infra-role-elasticsearch.git
-  version: 30efbecb1362da25ca5cf927e641d7c27df1c94a
+  version: d9dc779dccd879b429a4e808b463fb403ba5753f

 - name: infra-role-elasticsearch-lb
  src: git@github.com:status-im/infra-role-elasticsearch-lb.git