Fiels does not contain any data after loading data using bulk

Elastic Stack Elasticsearch
1

I'm trying to make some visualizations using kibana, but the fields have any data.

I thought that if I fill up an index in dev ops using bulk, then I would be able to interact with the data using kibana. Here is the code I ran in dev ops:

PUT /log_consultas
{
  "mappings": {
    "properties": {
      "@timestamp" : {"type": "date"},
      "estado_consulta": { "type": "keyword" },
      "servicio" : {"type": "keyword"}, 
      "administrador":  {"type": "keyword"}, 
      "consultas_realizadas": {"type": "integer"}
    }
  }
}

PUT _index_template/template_1
{
  "index_patterns": ["log_consultas*"],
  "template": {
    "mappings":  {
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "administrador": {
          "type": "text"
        },
        "consultas_realizadas": {
          "type": "integer"
        },
        "estado_consulta": {
          "type": "text"
        },
        "servicio": {
          "type": "text"
        }
      }
    }
  
  }
}


POST /log_consultas/_bulk
{"index":{"_index":"log_consultas","_id":1}}
{"@timestamp":"2010-05-15T22:00:54","estado_consulta":"consumo","servicio":"consulta","administrador":"Juan Carlos","consultas_realizadas":52}
{"index":{"_index":"log_consultas","_id":2}}
{"@timestamp":"2010-05-15T12:55:04","estado_consulta":"consumo","servicio":"modificacion","administrador":"Juan Lara","consultas_realizadas":10}
{"index":{"_index":"log_consultas","_id":3}}
{"@timestamp":"2010-05-15T14:56:48","estado_consulta":"consumo","servicio":"consulta","administrador":"Juan Lara","consultas_realizadas":20}

.... and so on

After this I created a new Data View call log_consultas

image
image1919×1006 122 KB

but then when I try to create visualizations in the dashboard this comes up

image
image1913×972 190 KB

Can anyone help me? What I'm missing? Any suggestions would be great!

2

I have a few comments:

  • You mapped some of the fields as text. This implies they will be analysed, which is generally not suitable if you want to build visualisations based on them in Kibana. Instead map them as keyword. See the docs for more information. If you are new to. Elasticsearch and don't know about mappings I would recommend using the default ones (not explicitly specifying index template or mappings).
  • The timestamp in your documents is in 2010. Note that this is far outside the default time window Kibana uses. See the top right corner. I would modify the data to have current timestamps as that will make it easier to work with.
1 Like
4

Thank you for the comments, Christian!

I've changed the fields from text to keyword. But I keep getting the same problem, I don't know how my index hasn't been filled with data after I executed the bulk command. Or is there another way to visualize that json data?

5

Use the cat indices API to see if the index was created and does contain data.

1 Like
6

It returns:
green open log_consultas ITm9Q48SR8OqI8BImGmsLw 1 1 299 0 40.2kb 20.1kb

I understand that it means that log_consultas has some data.
Also, I've been using the SEARCH method with log_consultas just fine. I don't get why kibana tells me that there is any data.

7

Did you check the date interval covers the data you indexed?

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.