How to create the query after creating the alias using discovery?


(Shah) #1

I have multiple indexes specific to log files created by our application. In order to correlate the events in one log file with other log files at the same time, I created an alias index for the existing indexes.
Now I can see the alias index with discovery in Kibana and can also see all the available fields from all the original indexes.

After that, when I try to query in discovery or select a field from a different index, I am not getting a result for the query.

Please advise what more information you need to help me; I am happy to provide it.

One simple thing I am trying is to get the data from all the indexes for a specific time using the alias index. Then I would like to apply a filter in visualize to see whether I can make a query on the alias to get the specific result.

Thank you,
Sanjay


(Shah) #2

Here is some more information; I need help.

I have created the Alias - pconvp1060connector-2016.12

In Kibana discovery, I would like to make a query for the alias index by selecting the fields code, message, cause, hostname, pid-tid, client_ip, log_level.

I can see all the fields when I click on discovery. Once I click on add for a field, I do not see the data in the table.

Need help to resolve this issue.

Following is the mapping of the alias pconvp1060connector-2016.12. To keep the character count to less than 6000, I am removing some of the curly brackets.
GET /pconvp1060connector-2016.12/_mapping
{
"pconvp1060connector03.connector.prod-logstash-2016.12":
"mappings":
"fluentd":
"properties":
"@timestamp":
"type": "date"
,
"hostname":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"message":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"pconvp1060connector03.error-logstash-2016.12":
"mappings":
"fluentd":
"properties":
"@timestamp":
"type": "date"
,
"cause":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"client_IP":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"date_time":
"type": "date",
"format": "yyyy/MM/dd HH:mm:ss||yyyy/MM/dd||epoch_millis"
,
"host":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"hostname":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"log_level":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"message":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"method":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"pid_tid":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"referrer":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"request":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"pconvp1060connector03.access-logstash-2016.12":
"mappings":
"fluentd":
"properties":
"@timestamp":
"type": "date"
,
"agent":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"code":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"host":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"hostname":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"method":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"path":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"referer":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"remote":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"size":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"timestamp":
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256
,
"user": {
"type": "text",
"fields":
"keyword":
"type": "keyword",
"ignore_above": 256

}


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.