kibana – Elasticsearch: how to find a document by number in logs

I have an error in Kibana:
“The length [2658823] of field [message] in doc[235892]/index[mylog-2023.02.10] exceeds the [index.highlight.max_analyzed_offset] limit [1000000]. To avoid this error, set the query parameter [max_analyzed_offset] to a value less than index setting [1000000] and this will tolerate long field values by truncating them.”

I know how to deal with it (change “index.highlight.max_analyzed_offset” for an index, or set the query parameter), but I want to find the document with the long field and examine it.

If I try to find it by id, I get this:

q:

GET mylog-2023.02.10/_search
{
  "query": {
    "terms": {
      "_id": [ "235892" ]
    }
  }
}

a:

{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 0,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  }
}

q:

GET mylog-2023.02.10/_doc/235892

a:

{ "_index" : "mylog-2023.02.10", "_type" : "_doc", "_id" : "235892", "found" : false }

Maybe this number (doc[235892]) is not the id? How can I find this document?
