Hello,
I meet a problem in kibana, on logs that are empty for a device:
I don't understand why they are empty, because all the logs for this device are not empty.
{ "_index": "securite-2018.06.25", "_type": "fortinet", "_id": "AWQ1fde9i1msriLshtFb", "_score": 1, "fields": { "@timestamp": [ 1529905795396 ] } }
If the issue came from parsing, I should have a grokparsefailure tag in json.
Elasticsearch version: 5.4.1
Kibana version: 5.4.1
Logstash version: 5.4.1
Have already seen this issue?
How is your Kibana Index Pattern set up? Does it contain the expected fields? Under Management -> Index Patterns, open your index pattern. If your fields are not displayed, click Refresh Index Pattern to get the latest mappings from Elastic search.
Do your documents have the expected fields in Elastic search? Use Dev Tools -> console to query your index and verify that the documents look as expected. GET /logstash-0/_search is a simple query that will return the first 10 documents in the "logstash-0" index. You can also use dev tools to view the mapping for the index. Does the mapping contain the fields you expected with the correct types? GET /logstash-0/_mapping will show you the mappings for the "logstash-0" index.
Hello,
Thank you for your reply.
My Kibana index pattern setup is securite-* because all the index' name are securite-AAAA.MM.DD an yes all the expected fields are displayed.
I find all the fields wanted on the mapping GET /securite-2018.06.25/_mapping and the simple search looks good.
Maybe is there a query for search with the _id tag? With that, I could see what Elasticsearch has I think.
There is an example of empty log searched by the _id field:
Query:
GET securite-2018.06.27/_search
{
"query": {
"terms": {
"_id": [ "AWQ_z8rJS39vmUnUvmV0" ]
}
}
}
Request:
{
"took": 85,
"timed_out": false,
"_shards": {
"total": 2,
"successful": 2,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 1,
"hits": [
{
"_index": "securite-2018.06.27",
"_type": "checkpoint",
"_id": "AWQ_z8rJS39vmUnUvmV0",
"_score": 1
}
]
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.