I'm using indexed field extraction to ingest JSON data over the HTTP Event Collector.
It works great. Except, once the event is > 10k bytes, the fields within the JSON are not indexed automatically. For example, if I submit a 15k event then search for it via `host`, I find it, however if I search for it via a field within the JSON, it does not come up.
Is it possible to configure this setting? I haven't seen anything in the documentation yet. I'm still new to this particular functionality
Thanks
↧