Index Pattern doesn't match all the indices

Emilien · June 13, 2019, 8:53am

Hello everyone,

I'm new using ELK and I'm encountering an issue with Kibana.
I'm importing catalina.out in elasticsearch with logstash.
In this part, I don't have any particular problem and the indices seems to be corectly created.

But when it comes to Kibana I just have 715 hints links to the last logstash index. I tried to created an index pattern from a specific logstash one (ex: logstash-0017.04.03) but in this case I don't have any results.

I'm using Kibana 5.3 and I use the default setup. I didn't configure any specific search and I use the Time range "this year"
Does anyone have a lead on my issue?

Thank you for your help

Christian_Dahlqvist · April 7, 2017, 10:20am

It looks like something is not working in your parsing and that it is extracting the year as 0017 (Will be hard to get this included in the Kibana time picker)). You only have one index covering 2017, so what you see in Kibana appears correct.

Emilien · April 7, 2017, 10:57am

You right, I didn't pay attention in the first place but I have an issue because some logs are matching the pattern TOMCAT_DATESTAMP2 and others DATESTAMP2.
I need to convert DATESTAMP2 to TOMCAT_DATESTAMP2 before I target the @timestamp field.
Thanks

Christian_Dahlqvist · April 7, 2017, 11:07am

I would recommend opening an issue under Logstash. make sure you provide example logs as well as your current configuration.

system · May 5, 2017, 11:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.