
I am sending a JSON that contains a stringified-json in one of its fields i.e.

```json
{
  "somefield": "somevalue",
  "stringified-json": "{\"detection_id\":\"123123\",\"date_updated\":\"123123\"}",
  "somefield2": "somevalue2"
}
```

When I send this data to Bindplane, I see that automatic JSON parsing is kicking in (aka https://medium.com/@thatsiemguy/automagic-json-parsing-e838ecda08c2).

 

But I’m observing something very strange. My “stringified-json” value gets truncated to exactly 4096 bytes (4kb).

 

When I inspect the output message in Bindplane’s UI, I can see the Attributes field called `log.record.original` holding the entire stringified-json and it is complete (not truncated).

 

But when I look at the “stringified-json” field (actual field name is `message`) under Body, it is truncated to 4096. 

 

This is the final payload that is sent to Google SecOps. When I perform a SIEM search, I can see that the field is truncated.

 

Is this a license limitation with Bindplane? We are using the Google Edition.

 

Is it possible that Body has the 4KB limit?


It isn’t. I have ensured this by checking max ingested log size in Bindplane. That is set to 1MB.
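
A check for the symptom described in this thread, as an added example that is not part of the original posts and not Bindplane or Google SecOps code: it compares each string field under Body with the same field inside `log.record.original` and reports any that arrive as a shorter byte-prefix. The `attributes`/`body` record layout, the function names and the sample record are assumptions constructed for illustration.

```python
import json

LIMIT = 4096  # byte length at which the thread reports the value being cut

def _is_json(text):
    try:
        json.loads(text)
        return True
    except ValueError:
        return False

def find_truncated_fields(record, limit=LIMIT):
    """Flag Body string fields that are a shorter byte-prefix of the same
    field inside attributes['log.record.original']."""
    original = json.loads(record["attributes"]["log.record.original"])
    findings = []
    for key, sent in record["body"].items():
        full = original.get(key)
        if not (isinstance(sent, str) and isinstance(full, str)):
            continue
        sent_b, full_b = sent.encode("utf-8"), full.encode("utf-8")
        if len(sent_b) < len(full_b) and full_b.startswith(sent_b):
            findings.append({
                "field": key,
                "sent_bytes": len(sent_b),
                "original_bytes": len(full_b),
                "at_limit": len(sent_b) == limit,
                "still_valid_json": _is_json(sent),
            })
    return findings

def constructed_record():
    """Constructed sample; the attributes/body layout is an assumption."""
    inner = json.dumps({"detection_id": "123123", "date_updated": "123123",
                        "details": "A" * 6000})
    raw = {"somefield": "somevalue", "message": inner, "somefield2": "somevalue2"}
    body = dict(raw, message=inner[:LIMIT])  # simulate the reported cut
    return {"attributes": {"log.record.original": json.dumps(raw)}, "body": body}

if __name__ == "__main__":
    for finding in find_truncated_fields(constructed_record()):
        print(finding)
```

A finding with `still_valid_json` set to false means the nested JSON can no longer be parsed downstream, so any detection rule keyed on fields past the cut will silently miss.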