Elasticsearch Java exception. Kibana Unable to fetch mapping. Do you have indices matching the pattern

I have setup with
Kibana 2.0.0
Logstash 2.0.0,
ElasticSearch 2.0.0 and
logstash-forwarder 0.4.0.

I don't see any error messages for Logstash-forwarder, Logstash, Kibana.

On Kibana UI I see message as "Unable to fetch mapping. Do you have indices matching the pattern"

AND on elasticsearch there is java exception as

[2015-11-01 23:31:58,787][INFO ][node ] [Shatter] started
[2015-11-01 23:31:59,125][INFO ][gateway ] [Shatter] recovered [3] indices into cluster_state
[2015-11-01 23:36:00,697][INFO ][rest.suppressed ] /logstash-/_mapping/field/ Params: {ignore_unavailable=false, allow_no_indices=false, index=logstash-, include_defaults=true, fields=, _=1446438960583}
[logstash-*] IndexNotFoundException[no such index]
at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver$WildcardExpressionResolver.resolve(IndexNameExpressionResolver.java:630)

Do you have data in logstash- named indices in ES?

Can you help me out with how to check data is available in "logstash-" named incides in ES.

More info.
curl ':9200/_cat/health?v' give output as
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1446440953 00:09:13 elasticsearch yellow 1 1 11 11 0 0 11 0 - 50.0%

curl ':9200_cat/indices?v' gives output as
health status index pri rep docs.count docs.deleted store.size pri.store.size
yellow open shakespeare_bulk 5 1 0 0 780b 780b
yellow open shakespeare 5 1 0 0 780b 780b
yellow open .kibana 1 1 1 0 2.9kb 2.9kb

That's what you need to do And as you can see you don't have anything with the name logstash- in ES.

So you either need to change the pattern to suit one of the existing indices, the shakespeare ones, or import some data with Logstash.

Correction in version of Kibana. Its Kibana 4.2.0.

Is there any config file where I can mention the "loghash-" indices.
If not can you help me out with how can I

1. Add new indices.
2. Update existing indices.

Take a look at https://www.elastic.co/guide/en/logstash/current/advanced-pipeline.html

But ultimately, what sort of data do you want to index with ES?

At end of the day I want to monitor all the logs.
eg. syslog, authlog.

Did not face any problem when used.
Kibana: 4.0.1
Elasticsearch: 1.4.5
Logstash: 1.5.4

All you need to do is apply the same process for your previous setup, but just send it to your new cluster.

Thanks for you help. Warkolm .
I applied the same process. All seems to be good except indices error.

Only difference is

1. In previous process I installed most of the components using apt-get . In current process I am using tar files.
2. Difference in versions of all the components.

You should really use the apt repos to keep it simple.

The versions won't matter, as long as you have setup the stack using the same process you will have data going into ES, that you can view with KB.

Yes, Using apt repos keeps it simple.

But I wanted to try out a way I can keep everything( init script, config, bin ) under folder.

Can you help me out with understanding how this indices work.

(At a high level) Indices are what ES uses to store data. You can send data to ES using Logstash.

hi,whats your logstach.conf

Please start a new thread, this is really old and you've given no one details about what you want.