Hii I am using ELK setup . Just to provide some convenience what I did was that I made dashboards of the indices and shared their URL's on simple frontend so that any guy does not have to look through all the tabs in the kibana screen and choose his index . Now what i did is that every time the frontend redirects to the kibana dashboard i turn on AUTO REFRESH on the top right hand side of kibana screen so that recent updates to the corresponding index also get seen in my dashboard . And I believe this is the usage of this AUTO REFRESH button right ? . Now my probem is that I am not seeing the updates in the dashboard . Only page 10 pages are shown and no more pages for search are shown . Any help ?
Hey any help with this problem ??
Have you included a search panel in your dashboard?
@ Christian_Dahlqvist I have not done it explicitly . Its already there isn't it ??? Let me know how can I do it .
If it is not related to a search /discovery panel, I do not understand the issue around only 10 pages being shown. Can you please clarify what the dashboard looks like?
I am attaching the image of my dashboard below -
is it clear now ? see below pos_info_logs_search we have 1 2 3 4....10 . This is not crossing 10 and no new logs can be seen .
The Discovery search panel is designed to show a set subset of records, not all available records. The reason for this is that Kibana users routinely query across millions or even billions of records, meaning that showing all is not an option and would crash any browser. The size of the sample shown is dictated by a global parameter under advanced settings, and is by default 500.
Setting this to a higher value will increase the amount of data displayed, but will also most likely increase latencies as well as memory used.
@Christian_Dahlqvist So you mean that there is a limit to this window (displaying the logs)??? So what can be done to achieve the desired target . Will we have to move to discovery tab ?
Discovery tab has the same behaviour as it also deals with large amounts of data, making sampling a necessity. A common way to work with dashboards is to have a search panel in order to see the underlying records, but then complement this with other visualisations that allow you to drill in and reduce the number of records being queried. When you filter in one of the visualisations on the dashboard, all visualisations get updated and the sample in the search panel gets more and more precise.
If you are looking to see all log entries in sequence/context, there is currently no good way to do this, but an issue tracking this feature exists on GitHub.