Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
No Quick Values On Message Field #3957
It should be possible to disable quick values on certain fields.
It might be easy for users to kill elasticsearch because they create a quick values widget from a certain time over a field like message or full_message.
Make the configuration option to disable quick values on some fields, messages and full_messages by default.
The quick values widget gives, very fast, some nice insights - but the power that this has can kill the elasticsearch cluster. Even when you know that this can kill your cluster you might end up creation that widget for a search because you are inside of an investigation and need the information.
Hi @jalogisch - I think it would be nice if this was configurable per stream by an administrator or someone with edit permissions on the stream.
That will limit the ability of view-only users from conducting problematic queries on particular fields within a stream. A default value for the exclusion might include full_message and message.
I also think that this has broader application beyond the QuickValues widget.