Couldn't find any Elasticsearch data

Elastic Stack Kibana
1

when i start kibana and looking in management tab it is displaying message :
"Couldn't find any Elasticsearch data
You'll need to index some data into Elasticsearch before you can create an index pattern "

image
image.png1475×553 26.6 KB

kindly support me to resolve this issue ,i am using elasticsearch,logstash and kibana

2

Can you check that you can see the data in your Elasticsearch cluster with something like this in your browser;

http://localhost:9200/_cat/indices?v

You should see something like this;

health status index       uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   logstash-0  4fOMSVMoQ3S0ZNpb73WjDA   1   0      14005            0       56mb           56mb
green  open   .kibana     Zd2muayFR7SlPBGq1f6ShQ   1   0          3            1     26.2kb         26.2kb
yellow open   shakespeare LmuYM18vTN6SOJU8mw20Pg   5   1     111396            0     21.2mb         21.2mb

The important thing is that you see your logstash index and that it has some docs.count.

If you see that OK, the next step would be to see if your Kibana is connecting to your Elasticsearch cluster OK by checking the logs. Where the logs are located depends on your operating system and how you installed Kibana.

3

Thanks,
i need one more help .
i have .txt file which contain any type of data and my requirement is to display .txt data into kabina kindly suggest generic way to read any type of data in kibana

4

Logstash and Filebeat can both read in text files. If you have specific questions on how to configure them you should ask on the Logstash and/or Beats channels.

5

Helo,
If witht his command http://localhost:9200/_cat/indices?v I don't have any output what can I do?

6

What operating system are you installing Elasticsearch and Kibana on?

How did you install Elasticsearch and how did you start it?

If you Elasticsearch is running on the same host, you should be able to open a browser and go to http://localhost:9200. The response is in JSON format which some browsers may display, or some (like Internet Explorer) might just save as a download.

That response should look something like this;

{
  "name": "jhDXnrd",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "E1ckHApoQm2BeBU8m2BcBA",
  "version": {
  "number": "6.2.2",
  "build_hash": "10b1edd",
  "build_date": "2018-02-16T19:01:30.685723Z",
  "build_snapshot": false,
  "lucene_version": "7.2.1",
  "minimum_wire_compatibility_version": "5.6.0",
  "minimum_index_compatibility_version": "5.0.0"
},
  "tagline": "You Know, for Search"
}

If you don't see that, you should check if your Elasticsearch is actually running.
If it is running, you should check the Elasticsearch log files to see if there's any errors.

Please let me know and I'll try to help some more.

7

Hello,
I am using Debian 9 and I install elasticsearch with the debian package. My elasticsearch is running and I have the response in the browser.

curl -X GET http://localhost:9200
{
"name" : "NoVgygD",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "94BD3suKTgW4g9tTcDmcRw",
"version" : {
"number" : "6.2.2",
"build_hash" : "10b1edd",
"build_date" : "2018-02-16T19:01:30.685723Z",
"build_snapshot" : false,
"lucene_version" : "7.2.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}

But with de kibana I have the error "kibana could not connect to elasticsearch data".
Thank you!!!!

8

HI
I am getting same error above you mentioned. please help me. I have data in elastic search but in kibana,
i am unable to add index pattern in kibana

image
image.png1920×1080 219 KB

9

OK, so if your Elasticsearch is up, the next step is the /_cat/indices?v . If you ran logstash and it successfully loaded data into Elasticsearch you should see the index in that output. If you still don't see that you might want to post a question on the logstash channel.

Another option is to just post some data into Elasticsearch using the Kibana Dev Tools Console.

POST test/doc
{
  "myField": "myData"
}

If you post that small doc above, you should see the test index in the output of _cat/indices
And you should be able to create the index pattern for test.

5 Likes
10

Same issue here. I had ElasticSearch and Kibana running with WinlogBeat and Heartbeat sending data to Elasticsearch for about 2 days. I had the index Pattern setup and the Heartbeat dashboard working.

I then install x-pack and they no longer show data.

I decided to delete both the winLogbeat-* and the heartbeat-* indexes from Kibana hoping to recreate them and now Kibana (under Management, Index Patterns) says "Couldn't find any Elasticsearch data".

Here is a print out of my _cat/indices?v

health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .watches bE3Lgf64RAWbIjDB9Fvzdw 1 0 6 0 109.5kb 109.5kb
yellow open winlogbeat-6.2.2-2018.02.27 HzeZJ60BRGaPtY73iIQh_A 3 1 261 0 386kb 386kb
green open .monitoring-kibana-6-2018.02.28 otP9zcAtTBaUlbMgaAh90Q 1 0 1314 0 479.9kb 479.9kb
green open .kibana 0X29PuB2T9Wewbv6LYBIbw 1 0 8 0 22.5kb 22.5kb
close .watcher-history-7-2018.02.27 HjtfVtelTSCeHHGOTeIGtg
yellow open heartbeat-6.2.2-2018.02.28 P_n9wIFRSK-S_XSuJhH0Fw 1 1 12953 0 4.1mb 4.1mb
green open .watcher-history-7-2018.02.28 EbW5DGEoTqS4qR-daSZc6w 1 0 2372 0 3.5mb 3.5mb
yellow open heartbeat-6.2.2-2018.02.27 OX2fK8UpQkK7V56B7wETjQ 1 1 457 0 127.4kb 127.4kb
green open .monitoring-es-6-2018.02.27 UZTXaTYoRh6Ghrk_XyHzOw 1 0 1064 12 683.4kb 683.4kb
green open .monitoring-es-6-2018.02.28 _jYbGX7YRqGGcw6zmX6C5w 1 0 30189 200 17.9mb 17.9mb
green open .monitoring-alerts-6 NYagRVGsTkW1DC11OdA90Q 1 0 4 1 30.5kb 30.5kb
green open .security-6 2esDuIDERNSUg7cgYIcFCw 1 0 3 0 9.9kb 9.9kb
green open .triggered_watches IrsUvtdqS_GsxSOjrU2t8Q 1 0 0 0 144.9kb 144.9kb
yellow open winlogbeat-6.2.2-2018.02.28 nGSBJiE4T2amkAYGIbwo9w 3 1 177 0 449.6kb 449.6kb

Open to any suggestions

In the past when this has happened I did an uninstall of the x-pack and it worked again.

11

When you install x-pack, it becomes very important what user you log in to Kibana with and what roles that user has.

In @gopi.yeguru screenshot I see the kibana user. That built-in user only has the kibana_system role which is for the kibana server to connect to Elasticsearch. It's NOT the user that users should log in as. That user doesn't have access to things like your winlogbeat data.

You could log in as the elastic superuser and then you should have full access to all your data.

You should then also go to Management > Roles and create a role that has only the privileges needed. For example, if you have winlogbeat data I would create a winlogbeat_reader role which has read and view_index_metadata on that index.
Then create a user and give them at least the kibana_user role and the winlogbeat_reader role.

1 Like
12

Where could I find the password for "elastic superuser" or does it have one by default. Also, where is that addresses in the documentation? I started down the path a little bit today but got lost in the weeds when reading it.

13

Scratch the password for elastic superuser. I understand which one that is when I set the passwords.

This solved my issue.

Thank you very very much.

14

Hi,I also encountered this issue. And I can just see one line "health status index uuid pri rep docs.count docs.deleted store.size pri.store.size" in my browser. When I deployed elk, I just installed the three components by RPMs and not start any service by hand. So I think logstash is not connected with elasticsearch correctly now. Do you have any ideas?

15

Hi aaltonen,

Sorry nobody saw your post for this long. I'm guessing you've probably solved your problem by now, but if not, or for anyone else who finds this...

If you install "ELK stack" Elasticsearch, Logstash, Kibana by installing the rpm packages you have to start each service. But I don't think Logstash comes with any default configuration that will load any data. I think you always have to tell it what data to get and then start it up.

Besides the ELK stack we also have "Beats". And some of them like Metricbeat have a default configuration which will load data into Elasticsearch. So for someone just trying to get a stack working, I think Metricbeat is a bit easier than Logstash.

Lee

16

I also have the same problem and all runs.

1 Like
17

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.