I have Elasticsearch and Kibana running in a Docker container. I've recently set up a data stream from my 1900ACS router of ulog data, pushing connection information from that router into Elasticsearch. From what I'm seeing in Elasticsearch, an index has been created and data exists within it.
My issue seems to be within Kibana: creating an Index Pattern doesn't show anything. Using the Kibana DevTools, I can see data exists, like the following:
```json
{
  "_index" : "network-2020-07-06",
  "_type" : "_doc",
  "_id" : "gg5dJ3MB_VGq9xsppnf1",
  "_score" : 1.0,
  "_source" : {
    "tags" : "openwrt",
    "outbound" : {
      "source" : {
        "port" : "55147",
        "packets" : "11",
        "ip" : "192.168.1.247",
        "bytes" : "3036"
      },
      "destination" : {
        "port" : "443",
        "ip" : "52.206.227.240",
        "geo" : {
          "region_name" : "Virginia",
          "region_iso_code" : "VA",
          "location" : "39.048100,-77.472800",
          "country_name" : "United States",
          "country_iso_code" : "US",
          "continent_name" : "North America",
          "city_name" : "Ashburn"
        },
        "address" : "ec2-52-206-227-240.compute-1.amazonaws.com"
      }
    },
    "network" : {
      "transport" : "TCP"
    },
    "message" : """Session completed; client='192.168.1.247'; server='52.206.227.240'; destination_port='443; protocol='TCP'; session_lenght='75'""",
    "inbound" : {
      "source" : {
        "port" : "443",
        "packets" : "8",
        "ip" : "52.206.227.240",
        "bytes" : "4393"
      },
      "destination" : {
        "port" : "55147",
        "ip" : "173.#.#.#"
      }
    },
    "host" : {
      "name" : "LEDE",
      "ip" : "192.168.1.1"
    },
    "event" : {
      "start" : "2020-07-06T22:41:10-07:00",
      "end" : "2020-07-06T22:42:25-07:00",
      "duration" : "75"
    },
    "ecs" : {
      "version" : "1.0.0"
    },
    "@timestamp" : "2020-07-06T22:42:25-07:00"
  }
},
```
However, after creating an Index Pattern in Kibana of simply "network-*", I'm getting nothing in Discover. I'm getting this error:
No results match your search criteria
Not really sure what is going on. Any ideas?
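An added example (not the poster's code) that reproduces locally the two conditions Discover checks before a hit is shown: the index pattern's time field must be mapped as `date`, and the hit's value in that field must fall inside the time picker window, which defaults to the last 15 minutes. The mapping response is a constructed sample shaped like `GET network-*/_mapping/field/@timestamp`; the hit reuses the `@timestamp` from the document above.

```python
"""Local check of the two things Kibana Discover needs before a hit shows up:
the index pattern's time field must be mapped as `date`, and the hit's value in
that field must fall inside the time picker window (default: last 15 minutes)."""
from datetime import datetime, timedelta

# Constructed sample shaped like the response to GET network-*/_mapping/field/@timestamp
MAPPING = {"network-2020-07-06": {"mappings": {"@timestamp": {
    "full_name": "@timestamp", "mapping": {"@timestamp": {"type": "date"}}}}}}

# Constructed hit using the @timestamp from the question's document
HIT = {"_index": "network-2020-07-06",
       "_source": {"@timestamp": "2020-07-06T22:42:25-07:00", "host": {"name": "LEDE"}}}


def time_field_types(mapping, field="@timestamp"):
    """Map each index to the mapped type of `field` (None if the field is missing)."""
    return {idx: m["mappings"].get(field, {}).get("mapping", {}).get(field, {}).get("type")
            for idx, m in mapping.items()}


def discover_range_query(now_iso, minutes=15, field="@timestamp"):
    """Build the range clause Discover adds for its time picker, here 'last N minutes'."""
    now = datetime.fromisoformat(now_iso)
    return {"range": {field: {"gte": (now - timedelta(minutes=minutes)).isoformat(),
                              "lte": now.isoformat(),
                              "format": "strict_date_optional_time"}}}


def hit_matches(hit, query):
    """Evaluate the range clause against one hit, comparing offset-aware datetimes."""
    field, bounds = next(iter(query["range"].items()))
    ts = datetime.fromisoformat(hit["_source"][field])  # keeps the -07:00 offset
    return datetime.fromisoformat(bounds["gte"]) <= ts <= datetime.fromisoformat(bounds["lte"])


def diagnose(mapping, hit, now_iso, field="@timestamp"):
    """Return human-readable findings explaining why Discover may show no results."""
    findings = []
    for idx, typ in time_field_types(mapping, field).items():
        if typ != "date":
            findings.append(f"{idx}: {field} is mapped as {typ!r}, not 'date'; "
                            "Discover cannot use it as the time field")
    if not hit_matches(hit, discover_range_query(now_iso, field=field)):
        findings.append(f"{hit['_index']}: {hit['_source'][field]} is outside the last 15 "
                        f"minutes before {now_iso}; widen the time picker")
    return findings


if __name__ == "__main__":
    for line in diagnose(MAPPING, HIT, "2020-07-07T06:00:00+00:00"):
        print(line)
```

Run against a live cluster by substituting the real mapping response and a hit from `GET network-*/_search`; an empty findings list means the hit should appear once the time picker covers it.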