Symptoms

An error similar to the following appears in /var/log/tokumon/current: [WARNING] es: _index:asm command:index status:400 _id:https://localhost/mgmt/cm/asm/working-config/policies/abcdef05-c3f4-353e-b98e-a39da1ab9ece/suggestions/50fedcba-877e-32e4-ba4e-5dc7c413c192 error:{"type":"illegal_argument_exception","reason":"Limit of total fields [2000] in index [asm] has been exceeded"} see searchd log for complete error.

Impact

ASM configurations may not be imported properly

Conditions

During an import the conflict resolution page will not display when there are more than 2000 ASM Config Documents

Workaround

You can work around this issue using the following steps: 1. Change /usr to read/write: mount -o remount,rw /usr 2. Change to the directory: cd /usr/share/rest/tokumon/config/modules 3. Make a copy of asm.js: cp asm.js asm.js.orig 4. Edit asm.js using nano,vi, etc 5. Under "settings"."index", change the following line : settings: { "index":{"max_result_window":50000}}, // Use these to overwrite parts or all of ES_SETTINGS to this: settings: { "index":{"max_result_window":50000}, "mapping":{ "total_fields":{ "limit":5000}}}, // Use these to overwrite parts or all of ES_SETTINGS 6. Save and quit 7. Force tokumon to delete and rebuild all indices: bigstart kill tokumond NOTE: If tokumon begins restarting constantly, there is a likely syntax error in the changes made in step 5. Stop tokumond (bigstart stop tokumond) and repeat step 5 to find the error. If you continue to have problems, revert the file to the copy made in step 3 and open a case. 8. If tokumon is not restarting, wait about 5 minutes for the indices to be created and verify the change: curl -s localhost:9210/asm/_settings | jq .asm.settings.index.mapping Output: { "total_fields": { "limit": "5000" } } 9. Ensure /usr is set to readonly: mount -o remount,ro /usr

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips