I have two indices: onwards-access-, onwards-error-**.
There are 6 docs inside onwards-access-, and 2 docs inside onwards-error-
But there are just onwards-access-**** shown in Discover.
get onwards-error-2018.08.06/doc/_search
{
"took": 0,
"timed_out": false,
"_shards": {
"total": 3,
"successful": 3,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 2,
"max_score": 1,
Best wish
Hm. It's not clear which Kibana version you're using, but here are a few things to check:
Is your time range excluding documents? Try setting your time range to something big and see if this changes.
The second thing you might try doing, is bumping up your refresh rate from 15 minutes (the default) to something higher to see if you're just looking at stale data.
Best,
C
Hi @christophilus, I can see error log not. The issue is the @timestamp not correct.
the access log got timestamp field as 2018-08-06T09:22:24.000Z , which is correct , while the error log got 2018-08-06T17:22:24.000Z.
that lead to the error can not shown in log of 2018-08-06...
So the root cause should be the filebeat , whom sent the log to elasticsearch,
thanks
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.