Hello,
I am new to the Elastic Stack. I have set up Filebeat on a remote server and Elasticsearch, Logstash and Kibana on another server. I am able to see the logs in the Logs section; however, I am unable to get them in the Dashboard. This was working before, but it suddenly stopped.
I am getting this in the Elasticsearch logs:
"org.elasticsearch.transport.RemoteTransportException: [04TjNB5][10.1.1.4:9300][indices:data/read/search[phase/query]]
Caused by: org.elasticsearch.index.query.QueryShardException: No mapping found for [@timestamp] in order to sort on
at org.elasticsearch.search.sort.FieldSortBuilder.build(FieldSortBuilder.java:321) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.sort.SortBuilder.buildSort(SortBuilder.java:153) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:808) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService.createContext(SearchService.java:637) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:596) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:387) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService.access$100(SearchService.java:126) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService$2.onResponse(SearchService.java:359) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService$2.onResponse(SearchService.java:355) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService$4.doRun(SearchService.java:1107) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.common.util.concurrent.TimedRunnable.doRun(TimedRunnable.java:41) [elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:751) [elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.8.6.jar:6.8.6]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_232]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_232]"
'[DEBUG][o.e.a.s.TransportSearchAction] [04TjNB5] [233862] Failed to execute fetch phase
org.elasticsearch.transport.RemoteTransportException: [04TjNB5][10.1.1.4:9300][indices:data/read/search[phase/fetch/id]]
Caused by: java.lang.IllegalArgumentException: Field [read_timestamp] of type [keyword] does not support custom formats
at org.elasticsearch.index.mapper.MappedFieldType.docValueFormat(MappedFieldType.java:483) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.fetch.subphase.DocValueFieldsFetchSubPhase.hitsExecute(DocValueFieldsFetchSubPhase.java:104) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.fetch.FetchPhase.execute(FetchPhase.java:175) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService.lambda$executeFetchPhase$3(SearchService.java:541) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.search.SearchService$3.doRun(SearchService.java:381) [elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.common.util.concurrent.TimedRunnable.doRun(TimedRunnable.java:41) [elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:751) [elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-6.8.6.jar:6.8.6]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_232]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_232]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_232]'