I am trying to use Open Distro’s alerting and getting the following error:
“reason”: “field expansion matches too many fields, limit: 1024, got: 1220”,
After doing some research (ref: https://stackoverflow.com/questions/40275514/elasticsearch-set-max-clause-count), I added the search setting indices.query.bool.max_clause_count to the elasticsearch.yml config. This caused the elasticsearch.service to not start and time out.
I am looking to get a solution that will allow me to create Alerts without getting the above mentioned error from Open Distro.
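For reference, an added example (not from the original post) of how the setting named above is declared in elasticsearch.yml. indices.query.bool.max_clause_count is a static, node-level setting, so it must be a top-level key in the file on every node and takes effect only after a restart; the value 2048 is a constructed placeholder chosen to exceed the 1220 fields reported in the error.

```yaml
# elasticsearch.yml (added example; value is a constructed placeholder)
# Raises the ceiling on how many fields a query_string / multi_match
# wildcard expansion may produce. Static setting: restart the node.
indices.query.bool.max_clause_count: 2048
```

The key must sit at column 0 with a single space after the colon; YAML indentation or quoting mistakes in this file will stop the node from starting, so checking the Elasticsearch log for a parse error on the line is the first step when the service fails after an edit.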