Hi,
I tried importing an index to another elk stack and had no issues with it. The problem is that the index shows no logs on the discover tab. I think i need to do something else to import the logs but can't seem to find it, is there a way to do this?
Thanks.
Hi @nyquillus,
first, the most obvious: have you set your timerange properly where the data is?
Secondly, what happens when you go to the dev tools and try to run:
GET /[name_of_your_index_pattern]/_search
{
"query": {
"match_all": {}
}
}
yes i exported the last hour of logs to test it out and i set the correct timerange.
when i type what you posted i get this result:
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 0,
"successful" : 0,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : {
"value" : 0,
"relation" : "eq"
},
"max_score" : 0.0,
"hits" : [ ]
}
}
i also saved and exported the spesific query along with index. still got this same result.
edited the final statement out because of my mistake, the rest above is still the issue
Ok, so there's definitely something wrong with how data was imported. What's the method you chose to move your data? We usually recommend following: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html#reindex-from-remote
i chose the import/export tool in "saved object" menu.
Ok, that explains why the data wasn't imported. The saved objects in Kibana can be dashboards, visualizations, index patterns, etc but not indices. The saved objects don't contain the data.
( I think the confusion can come from difference between index and index pattern - An index pattern tells Kibana which Elasticsearch indices contain the data that you want to work with but it doesn't contain data itself – for that you need an index)
Following the guide from the link above to import the data will work in your case. Let me know if you need any further assistance.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.