Default Kibana User and uberAgent

Running 6.3.2
Just installed uberAgent on all Elasticsearch nodes
xpack is OFF (xpack.security.enabled: false) so we are currently using the default Kibana user role

Just trying to double check our understanding of a few things. If we create a new index called uberAgent in Elastic (link/steps below) and can see the index called uberagent within the Elastic Index Management why can't we see it when we go through the Create Index Patterns steps?

ipk.jpg1917×941 143 KB

From my understanding its as simple as the user roles of our default Kibana user do not allow for the creating of new index patterns. The second step after that is that we must make sure that the index contains data in order for it to work. Appreciate you taking the time to clarify these things for us.

Side note: we do not have xpack turned on due to some issues with beats_system connectivity...working on that as well but does not need to be addressed here.

https://uberagent.com/docs/uberagent/latest/installation/backend/installing-elasticsearch/#configuration-for-uberagent

It looks like the index name is uberagent. In the index pattern creation window, uberagent* does not match any indices (since the uberagent index has not time pattern in it) so the table is showing you all available index names. If you were to tab through the pages, is uberagent available? Try just using the name uberagent.

After tabbing through I do not see uberagent listed when I'm on the Create Index Pattern page. As you mentioned I am only able to find the name when I'm in the Elasticsearch>Index Management page. Is there a way to add the time pattern to it? Would any of the settings or mappings help you?

uacip.jpg1925×873 150 KB

ualist.jpg1647×939 130 KB

uberagent.jpg1915×947 93.2 KB

What are the uberagent index settings?

{
"settings": {
"index": {
"number_of_shards": "3",
"provided_name": "uberagent",
"query": {
"default_field": [
"uberagent*"
]
},
"creation_date": "1536091751135",
"number_of_replicas": "2",
"uuid": "Lxy_4a5qQvGFNBPLV6Ym3g",
"version": {
"created": "6030199"
}
}
},
"defaults": {
"index": {
"max_ngram_diff": "1",
"translog": {
"generation_threshold_size": "64mb",
"flush_threshold_size": "512mb",
"sync_interval": "5s",
"retention": {
"size": "512mb",
"age": "12h"
},
"durability": "REQUEST"
},
"auto_expand_replicas": "false",
"max_inner_result_window": "100",
"mapper": {
"dynamic": "true"
},
"requests": {
"cache": {
"enable": "true"
}
},
"unassigned": {
"node_left": {
"delayed_timeout": "1m"
}
},
"max_terms_count": "65536",
"data_path": "",
"highlight": {
"max_analyzed_offset": "-1"
},
"routing": {
"rebalance": {
"enable": "all"
},
"allocation": {
"enable": "all",
"total_shards_per_node": "-1"
}
},
"search": {
"slowlog": {
"level": "TRACE",
"threshold": {
"fetch": {
"warn": "-1",
"trace": "-1",
"debug": "-1",
"info": "-1"
},
"query": {
"warn": "-1",
"trace": "-1",
"debug": "-1",
"info": "-1"
}
}
}
},
"fielddata": {
"cache": "node"
},
"routing_partition_size": "1",
"max_docvalue_fields_search": "100",
"merge": {
"scheduler": {
"max_thread_count": "2",
"auto_throttle": "true",
"max_merge_count": "7"
},
"policy": {
"reclaim_deletes_weight": "2.0",
"floor_segment": "2mb",
"max_merge_at_once_explicit": "30",
"max_merge_at_once": "10",
"max_merged_segment": "5gb",
"expunge_deletes_allowed": "10.0",
"segments_per_tier": "10.0"
}
},
"max_refresh_listeners": "1000",
"max_slices_per_scroll": "1024",
"shard": {
"check_on_startup": "false"
},
"load_fixed_bitset_filters_eagerly": "true",
"number_of_routing_shards": "5",
"write": {
"wait_for_active_shards": "1"
},
"xpack": {
"watcher": {
"template": {
"version": ""
}
},
"version": ""
},
"percolator": {
"map_unmapped_fields_as_text": "false",
"map_unmapped_fields_as_string": "false"
},
"allocation": {
"max_retries": "5"
},
"mapping": {
"coerce": "false",
"nested_fields": {
"limit": "50"
},
"depth": {
"limit": "20"
},
"ignore_malformed": "false",
"total_fields": {
"limit": "1000"
}
},
"refresh_interval": "1s",
"indexing": {
"slowlog": {
"reformat": "true",
"threshold": {
"index": {
"warn": "-1",
"trace": "-1",
"debug": "-1",
"info": "-1"
}
},
"source": "1000",
"level": "TRACE"
}
},
"compound_format": "0.1",
"blocks": {
"metadata": "false",
"read": "false",
"read_only_allow_delete": "false",
"read_only": "false",
"write": "false"
},
"max_script_fields": "32",
"query": {
"parse": {
"allow_unmapped_fields": "true"
}
},
"format": "0",
"max_result_window": "10000",
"sort": {
"missing": [],
"mode": [],
"field": [],
"order": []
},
"store": {
"stats_refresh_interval": "10s",
"type": "",
"fs": {
"fs_lock": "native"
},
"preload": []
},
"priority": "1",
"queries": {
"cache": {
"everything": "false",
"enabled": "true"
}
},
"ttl": {
"disable_purge": "false"
},
"warmer": {
"enabled": "true"
},
"codec": "default",
"max_rescore_window": "10000",
"max_adjacency_matrix_filters": "100",
"max_shingle_diff": "3",
"gc_deletes": "60s",
"optimize_auto_generated_id": "true",
"query_string": {
"lenient": "false"
}
}
}
}

You can create an index pattern even if the index(es) it matches do not have a timefield, so that is not the issue here. This sounds like a bug to me. Would you mind creating one, adding as much detail as possible?

I would be happy to do so. I'm new to the community and this will be my first bug report. I've done a bit of searching around the Elastic website/community but couldnt find the proper information on bug reporting could you point me in the right direction to send one in. Thanks for looking into all of this.

UPDATE: Seems like I file a bug report on GitHub through https://github.com/elastic/elasticsearch/issues so I'll go with that for now unless theres some other information I'm missing.

Thanks Ryan. This is a Kibana bug, so please report it here: https://github.com/elastic/kibana/issues

Try posting a document into the index, and then you'll likely be able to create the Index Pattern. Your document count on the index is currently 0.

Posting a document worked to be able to find the index. Thank you for the help.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.