Query is too complex #3387
-
|
I'm trying to run a simple query over differents plaso timelines of around 250MB each and i always get the sme error "Server Error: query is too complex". The query i'm trying to run is simply "postgres" over all the 3 plaso timelines. Is there a problem with this kind of queries and i need to run them differently (maybe filtering by messagge fileds andso on)? I've already increased the max ram and cpu used by elastic and timesketch container. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Do you get the orange warning snackbar or a red error one? How many entries do you have in your searchindex mappings? Usually the solution is to limit the search on specific fields. So e.g. |
Beta Was this translation helpful? Give feedback.
Do you get the orange warning snackbar or a red error one?
How many entries do you have in your searchindex mappings?
curl -X GET "localhost:9200/<your_index_name>/_mapping?pretty"(you get the index name when you click data source or info on the timeline 3dot menu)Usually the solution is to limit the search on specific fields. So e.g.
message:postgres