In some cases, logs from OpenCTI components can't be efficiently streamed or queried in log management tools because they are too big, are multiline, or are not formatted.
Examples that come to mind:
Exceptions in Python components
In OpenCTI back: ElasticSearch "failed to create query: maxClauseCount is set to 5386" => the log line can be massive (I have seen a 724584-character line)
Proposed Solution
Ensure a maximum log line length; truncate the query/exception when it is obvious it is way too long and won't help in troubleshooting.
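
One way the proposal above could look for a Python component, as an added example that is not OpenCTI code: a `logging.Formatter` that emits one JSON object per record, so tracebacks stay on a single line and every field is length-capped. The names `BoundedJsonFormatter`, `truncate`, `format_sample` and the 2000-character cap are assumptions; keeping both the head and the tail of an oversized value goes slightly beyond the plain truncation proposed.

```python
import json
import logging

MAX_FIELD_CHARS = 2000  # assumed cap; tune to the log pipeline's line limit


def truncate(text, limit=MAX_FIELD_CHARS):
    """Keep the head and tail of an oversized value and record how much was cut."""
    if len(text) <= limit:
        return text
    head = limit * 2 // 3
    tail = limit - head
    cut = len(text) - limit
    return f"{text[:head]}...[{cut} chars truncated]...{text[len(text) - tail:]}"


class BoundedJsonFormatter(logging.Formatter):
    """One JSON object per record: no raw newlines, every field length-capped."""

    def format(self, record):
        entry = {
            "timestamp": self.formatTime(record),
            "level": record.levelname,
            "logger": record.name,
            "message": truncate(record.getMessage()),
        }
        if record.exc_info:
            # The traceback is multiline; json.dumps escapes the newlines,
            # so the whole exception stays on one log line.
            entry["exception"] = truncate(self.formatException(record.exc_info))
        return json.dumps(entry)


def format_sample(message, exc=None):
    """Format one constructed record and return the emitted line."""
    exc_info = (type(exc), exc, exc.__traceback__) if exc else None
    record = logging.LogRecord(
        "connector", logging.ERROR, "sample.py", 0, message, None, exc_info
    )
    return BoundedJsonFormatter().format(record)


if __name__ == "__main__":
    # Constructed input sized like the 724584-character line reported above.
    line = format_sample("failed to create query: " + "x" * 724584)
    print(len(line), "characters on", line.count("\n") + 1, "line")
```

The truncation marker records how many characters were dropped, so the size of the original query or exception is still visible during troubleshooting.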