Default Index pattern not found?


Hello Everyone,

I am still new to ELK Stack so please be gentle :slight_smile:

I have all components "working" without error now, however, when I go to Kibana it says "No default index pattern. You must select or create one to continue".

I can't get Kibana to see the "logstash-*" index.

If I select the "Include system indices" checkbox, I can see all the monitoring indices, but not the "logstash-*" ones that have my data in them:

BUT, when I go to Dev Tools and run "_cat/indices" I see them:

Please let me know what I've missed, or if you require any more info.

Thank you

(Spencer Alger) #2

Based on the output of _cat/indices I'm guessing that the problem is that the logstash-* indices don't have any documents, the line for my logstash index looks like this:

green open logstash-0 bDLwXNEjSEKcyV-6AvRGpA 1 0 14005 0 48.2mb 48.2mb

(Spencer Alger) #3

@chrisronline any ideas here?



Thank you for the reply, however when I run that from the CLI I get the following showing that there are documents:

(Chris Roberson) #5

This looks related:

Right now, if you try and search against an empty index, it will not show up as a result. If you put at least one document in the index, it should start working.


Thank you both for your reply.

However, maybe I'm missing something.

I can't see the screenshots in my previous posts for some reason, but...

Both of you are saying that my index is empty, however, from my previous screenshot it shows that they have documents.

I ran a search on one and I get responses.

Here is the "count" from the 3 indices that are created so far:

> curl -X GET "localhost:9200/_cat/count/logstash-2018.05.15?v" -u elastic
Enter host password for user 'elastic':
epoch      timestamp count
1526574595 12:29:55  634
> curl -X GET "localhost:9200/_cat/count/logstash-2018.05.16?v" -u elastic
Enter host password for user 'elastic':
epoch      timestamp count
1526574612 12:30:12  1864
> curl -X GET "localhost:9200/_cat/count/logstash-2018.05.17?v" -u elastic
Enter host password for user 'elastic':
epoch      timestamp count
1526574621 12:30:21  13

Please let me know if I am not understanding what you both are trying to explain to me.

Thank you

(Spencer Alger) #7

Yeah, based on the updated screenshot from your terminal I'm seeing docs, but do you see that same info when you run GET _cat/count/logstash-2018.05.15 in the dev tools?

Are you signing into Kibana with the elastic user like you are in the terminal?



Thank you for the quick response, you were correct.

I was using the "kibana" user to log into Kibana and i got a 403 when trying query from the dev tools.

I logged in as the "elastic" user and I can now add the default index pattern.

Before I set the default index pattern, is this how I'm supposed to log into Kibana, with the "elastic" user?

Or, is there something wrong with the permissions on the "kibana" user?

Thank you

(Spencer Alger) #9

Nothing wrong with the permissions, it just doesn’t have access to anything it doesn’t need. I suggest using the elastic user while you’re getting to know Kibana, and then once you’re ready to start sharing access with others checkout the Management > Users section and creat a some new users with the specific privileges they will need.



Thank you for your assistance.

(system) #11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.