b61202b0a8
When analysing a semi-structured text file the find_file_structure endpoint merges lines to form multi-line messages using the assumption that the first line in each message contains the timestamp. However, if the timestamp is misdetected then this can lead to excessive numbers of lines being merged to form massive messages. This commit adds a line_merge_size_limit setting (default 10000 characters) that halts the analysis if a message bigger than this is created. This prevents significant CPU time being spent subsequently trying to determine the internal structure of the huge bogus messages. |
||
|---|---|---|
| .. | ||
| apis | ||
| functions | ||
| images | ||
| aggregations.asciidoc | ||
| categories.asciidoc | ||
| configuring.asciidoc | ||
| customurl.asciidoc | ||
| delayed-data-detection.asciidoc | ||
| detector-custom-rules.asciidoc | ||
| functions.asciidoc | ||
| populations.asciidoc | ||
| stopping-ml.asciidoc | ||
| transforms.asciidoc | ||