Fiels does not contain any data after loading data using bulk

SofiaContreras · August 20, 2022, 1:30am

I'm trying to make some visualizations using kibana, but the fields have any data.

I thought that if I fill up an index in dev ops using bulk, then I would be able to interact with the data using kibana. Here is the code I ran in dev ops:

PUT /log_consultas
{
  "mappings": {
    "properties": {
      "@timestamp" : {"type": "date"},
      "estado_consulta": { "type": "keyword" },
      "servicio" : {"type": "keyword"}, 
      "administrador":  {"type": "keyword"}, 
      "consultas_realizadas": {"type": "integer"}
    }
  }
}

PUT _index_template/template_1
{
  "index_patterns": ["log_consultas*"],
  "template": {
    "mappings":  {
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "administrador": {
          "type": "text"
        },
        "consultas_realizadas": {
          "type": "integer"
        },
        "estado_consulta": {
          "type": "text"
        },
        "servicio": {
          "type": "text"
        }
      }
    }
  
  }
}


POST /log_consultas/_bulk
{"index":{"_index":"log_consultas","_id":1}}
{"@timestamp":"2010-05-15T22:00:54","estado_consulta":"consumo","servicio":"consulta","administrador":"Juan Carlos","consultas_realizadas":52}
{"index":{"_index":"log_consultas","_id":2}}
{"@timestamp":"2010-05-15T12:55:04","estado_consulta":"consumo","servicio":"modificacion","administrador":"Juan Lara","consultas_realizadas":10}
{"index":{"_index":"log_consultas","_id":3}}
{"@timestamp":"2010-05-15T14:56:48","estado_consulta":"consumo","servicio":"consulta","administrador":"Juan Lara","consultas_realizadas":20}

.... and so on

After this I created a new Data View call log_consultas

but then when I try to create visualizations in the dashboard this comes up

Can anyone help me? What I'm missing? Any suggestions would be great!

Christian_Dahlqvist · August 20, 2022, 5:06am

I have a few comments:

You mapped some of the fields as text. This implies they will be analysed, which is generally not suitable if you want to build visualisations based on them in Kibana. Instead map them as keyword. See the docs for more information. If you are new to. Elasticsearch and don't know about mappings I would recommend using the default ones (not explicitly specifying index template or mappings).
The timestamp in your documents is in 2010. Note that this is far outside the default time window Kibana uses. See the top right corner. I would modify the data to have current timestamps as that will make it easier to work with.

SofiaContreras · August 20, 2022, 4:38pm

Thank you for the comments, Christian!

I've changed the fields from text to keyword. But I keep getting the same problem, I don't know how my index hasn't been filled with data after I executed the bulk command. Or is there another way to visualize that json data?

Christian_Dahlqvist · August 20, 2022, 4:40pm

Use the cat indices API to see if the index was created and does contain data.

SofiaContreras · August 20, 2022, 6:00pm

It returns:
green open log_consultas ITm9Q48SR8OqI8BImGmsLw 1 1 299 0 40.2kb 20.1kb

I understand that it means that log_consultas has some data.
Also, I've been using the SEARCH method with log_consultas just fine. I don't get why kibana tells me that there is any data.

Christian_Dahlqvist · August 20, 2022, 6:14pm

Did you check the date interval covers the data you indexed?

system · September 17, 2022, 6:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.