JSON Filter works but filter refresh doesn't fix cache mapping error

Hello, I have JSON messages coming to Logstash and they are getting parsed properly; however, I get the error message "no cache mapping, refresh index field list". I have done this multiple times but the error does not go away and the index does not show the new fields from the JSON messages. Any idea what's wrong?


That is really a Kibana question. Does this help?

Should I repost with Kibana tag?

And no I've done that a few times already. Doesn't do anything.

I believe you should be able to move it to that forum.

Done

What version of Elasticsearch and Kibana?

Some behaviors have changed over recent releases.

On older versions you have to go to Kibana stack management, index patterns and manually refresh the index pattern.

Then go back to Discover and do a full reload of the Discover page because the field mappings for Discover were cached locally.

Then the new fields would show up.

In newer versions that shouldn't be the case.

I believe it's 7.10.2.

I've done exactly that and I still get the error.

You can check the exact version number under Kibana - Stack Management.

Also when you go to Kibana - stack management - index pattern and look at that exact index pattern and then refresh it or even recreate it. Then search for those fields in the index pattern. What do you see?

You should see them saying that they're searchable and aggregatable.

You need to confirm that first.

Ok yes 7.10.2 is what I see.

I also did that. Index Pattern > mainframe_syslog-* is the index name. I refreshed it. Still did not see any of the fields from the screenshot above.

So at this point..

What is the name of that actual index... Check within that document?

You can delete the index pattern and recreate it (only do that if you do not have a bunch of dashboards or visualizations already doing that).

Try that and let me know... There have been BIG improvements in this in recent releases... 7.10.2 is getting pretty old at this point.

Hello,

Disregard. Our ELK admins disabled the refresh function for regular users. Even though it looked like I was refreshing, it wasn't working.

They refreshed it for me! Thanks for checking though!! Sorry to waste your time.
