Skip to content

/ graylog2-server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No Quick Values On Message Field #3957

Closed
jalogisch opened this issue Jun 30, 2017 · 1 comment
Closed

No Quick Values On Message Field #3957

jalogisch opened this issue Jun 30, 2017 · 1 comment
Assignees
@bernd
Labels
feature triaged
Milestone
2.4.0

Comments

@jalogisch
Copy link
Contributor

@jalogisch jalogisch commented Jun 30, 2017

Expected Behavior

It should be possible to disable quick values on certain fields.

Current Behavior

It might be easy for users to kill elasticsearch because they create a quick values widget from a certain time over a field like message or full_message.
That will then occupy elasticsearch for quite a while and make any other action impossible until the query is finished.

Possible Solution

Make the configuration option to disable quick values on some fields, messages and full_messages by default.

Context

The quick values widget gives, very fast, some nice insights - but the power that this has can kill the elasticsearch cluster. Even when you know that this can kill your cluster you might end up creation that widget for a search because you are inside of an investigation and need the information.

similar: #2039
@jalogisch jalogisch added the feature label Jul 3, 2017
@florianpopp florianpopp added the triaged label Jul 13, 2017
@billmurrin
Copy link
Contributor

@billmurrin billmurrin commented Aug 4, 2017

Hi @jalogisch - I think it would be nice if this was configurable per stream by an administrator or someone with edit permissions on the stream.

That will limit the ability of view-only users from conducting problematic queries on particular fields within a stream. A default value for the exclusion might include full_message and message.

I also think that this has broader application beyond the QuickValues widget.
@lennartkoopmann lennartkoopmann modified the milestones: 3.0.0, 2.4.0 Aug 22, 2017
@bernd bernd self-assigned this Sep 21, 2017
bernd added a commit that referenced this issue Sep 22, 2017
@bernd
Add config option to disable analysis features in the UI for certain …
Loading status checks…
3f40b0e 
…fields

By default the "message" and "full_message" fields are disabled because
using analysis features like QuickValues on these can harm an
Elasticsearch cluster.

For now the config options *only* disable the UI elements in the web
interface to make sure regular users cannot run dangerous queries. When
using the REST API, a user can still run e.g. terms queries on these
fields.

Closes #3957
@bernd bernd mentioned this issue Sep 22, 2017
Merged
@ghost ghost added the in progress label Sep 22, 2017
@joschi joschi closed this in #4175 Sep 26, 2017
joschi added a commit that referenced this issue Sep 26, 2017
@bernd @joschi
Add config option to disable analysis features in the UI for certain …
Loading status checks…
244fc29 
…fields (#4175)

By default the "message" and "full_message" fields are disabled because
using analysis features like QuickValues on these can harm an
Elasticsearch cluster.

For now the config options *only* disable the UI elements in the web
interface to make sure regular users cannot run dangerous queries. When
using the REST API, a user can still run e.g. terms queries on these
fields.

Closes #3957
@ghost ghost removed the in progress label Sep 26, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bernd bernd

Labels
feature triaged
Projects
None yet
Milestone
2.4.0
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
@bernd @lennartkoopmann @jalogisch @florianpopp @billmurrin