
My guess is that wildcard/keyword types will default to this if you don't specify. Ideally we should be able to search through all IO event text. Currently this issue prevents that, as any events that have more than 1024 bytes will not be indexed and, as a result, will not be searchable.
Looking at the documentation for the field https://www.elastic.co/guide/en/elasticsearch/reference/master/keyword.html#wildcard-field-type, it says that ignore_above should default to 2147483647, so perhaps something is going on in the endpoint-package tooling.
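
Added example (not part of the comment above and not endpoint-package code): one way to audit a mapping for keyword/wildcard fields whose `ignore_above` would leave long values unindexed. The sample mapping and its field names are constructed for illustration, and measuring length with Python's `len()` is an assumption of this sketch.

```python
# Walk the "properties" section of an Elasticsearch mapping and report
# keyword/wildcard fields that cap indexed values below a required length.

# Default documented for ignore_above, as quoted in the comment above.
DEFAULT_IGNORE_ABOVE = 2147483647

def find_capped_fields(properties, min_chars, prefix=""):
    """Return {field_path: ignore_above} for fields capped below min_chars."""
    capped = {}
    for name, spec in properties.items():
        path = prefix + name
        if spec.get("type") in ("keyword", "wildcard"):
            limit = spec.get("ignore_above", DEFAULT_IGNORE_ABOVE)
            if limit < min_chars:
                capped[path] = limit
        # Recurse into object sub-properties and multi-fields.
        for key in ("properties", "fields"):
            capped.update(find_capped_fields(spec.get(key, {}), min_chars, path + "."))
    return capped

def unsearchable_values(values, ignore_above):
    """Values longer than ignore_above are not indexed, so queries cannot match them."""
    return [v for v in values if len(v) > ignore_above]

# Constructed sample mapping (hypothetical field names).
SAMPLE_PROPERTIES = {
    "session": {
        "properties": {
            "io_text": {"type": "wildcard", "ignore_above": 1024},
            "user": {"type": "keyword"},  # no ignore_above: default applies
            "command": {
                "type": "wildcard",
                "fields": {"exact": {"type": "keyword", "ignore_above": 1024}},
            },
        }
    }
}

if __name__ == "__main__":
    for field, limit in find_capped_fields(SAMPLE_PROPERTIES, 8192).items():
        print(f"{field}: values longer than {limit} will not be searchable")
```

Running it against the output of a real index's mapping (the `properties` object) lists every field where long event text would drop out of search.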