Hello,
I seem to have an issue with recent data not being available for visualizations or dashboards in Kibana. I have winlogbeats data from several servers that goes into my ELK stack. I have saved searches for this data that work fine and I can see/search the logs up to the minute.
However, when I try to create any visualizations using these saved searches, any data within about 3 days is not visible. If I use the timescale and put the range within 3 days I get no results found. If I move the time scale back to greater than 3 days I can see data.
I am able to search in the discovery tab using the fields that I am using for the visualizations so it seems like the fields are correct. This is a very weird issue and I am only having it with beats data. All my syslog, netflow, etc. works fine.
my environment:
2 - centos 7 ES nodes 6.2.2-1
1 - centos 7 ES client node 6.2.2-1 with kibana 6.2.2-1
1 - centos 7 logstash 6.2.2-1
