解決elasticsearch報錯Limit of total fields [1000] in index [xxx]

公司部署ELK日誌收集中，當字段過多時候回，出現錯誤[WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"logstash-2019.10.14", :_type=>"doc", :_routing=>nil}, #<LogStash::Event:0x390305bb>], :response=>{"index"=>{"_index"=>"logstash-2019.10.14", "_type"=>"doc", "_id"=>"S-f0yG0BAZNQsWN8qxcz", "status"=>400, "error"=>{"type"=>"illegal_argument_exception", "reason"=>"Limit of total fields [1000] in index [logstash-2019.10.14] has been exceeded"}}}}

 

 

首先臨時解決掉問題

$ curl -X PUT  -H "Content-Type: application/json" -d '{"index.mapping.total_fields.limit":2000}' http://elasticserver:9200/logstash-2019.10.14/_settings
{"acknowledged":true}

 

永久解決問題，

curl -X PUT  -H "Content-Type: application/json" -d '{"template": "logstash-*","settings":{"index.mapping.total_fields.limit":2000}}' http://elasticserver:9200/_template/logstash