With cloudtrail 7.9 mapping and ingest, we encountered an ingestion issue:
On cloudtrail, some logs have a big request_parameters field that can exceed 32k and break elasticsearch field limit on aws.cloudtrail.flattened.request_parameters.
Document contains at least one immense term in field=\"aws.cloudtrail.flattened.request_parameters\" (whose UTF8 encoding is longer than the max length 32766), all of which were skipped. Please correct the analyzer to not produce such terms. The prefix of the first immense term is: '...', original message: bytes can be at most 32766 in length; got 42321
With cloudtrail 7.9 mapping and ingest, we encountered an ingestion issue:
On cloudtrail, some logs have a big request_parameters field that can exceed 32k and break elasticsearch field limit on
aws.cloudtrail.flattened.request_parameters.