Elasticsearch Kibana "Discover" returns no results, but exact same query in "Dev Tools" returns results

wishfulwatermelon · January 15, 2022, 11:11am

I was trying to look for data on my index pattern in "Discover". However, it returns no results.

I then looked for data on the same index pattern in "Dev Tools" and copied/pasted over the same Request, which returned to me hits for the query.

This is what I get for my response in "Discover":

{
  "took": 147,
  "timed_out": false,
  "_shards": {
    "total": 115,
    "successful": 110,
    "skipped": 8,
    "failed": 5,
    "failures": [
      {
        "shard": 4,
        "index": "unifier-event-2022-01",
        "node": "IPCLTjqqTpSmacdMHJChjQ",
        "reason": {
          "type": "illegal_argument_exception",
          "reason": "Field [request.data.localDateTimeWithTimezone] of type [text] does not support custom formats"
        }
      }
    ]
  },
  "hits": {
    "total": 5180,
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "2": {
      "buckets": [
        {
          "key_as_string": date,
          "key": key,
          "doc_count": 39
        },
       // ... Goes on,
      ]
    }
  }
}

Is there a way to return results in "Discover"?

Tomo_M · January 15, 2022, 11:42am

Maybe there are two request in Discover and you seems to paste the result of Chart data request.

The queries/responses in Inspector of Discover are completely the same with the queries/responses you got in Dev Tools?

wishfulwatermelon · January 17, 2022, 7:28am

I followed what someone else this here: Field [winlog.event_data.ProcessCreationTime] of type [keyword] does not support custom formats - #3 by andrewkroh

I refreshed the index pattern and that solved my issue. Thanks!

system · February 14, 2022, 7:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.