Kibana Dashboard not showing all data

I have set up a test environment recently with an Elasticsearch cluster, a Logstash and a Kibana server.
I use it to monitor serveral ESXi hosts, collecting their messages. Everything works fine, I have build up a dashboard, created the visualizations by my own.

My problem I have encountered is that while viewing the dashboard, it doesn't show all data from all hosts.

2018-10-08 11_56_07-[ESXi] Alle Hosts - Kibana.png1711×897 82.1 KB

In this image visible are only 11 hosts and only debug messages. We have added 15 hosts and we are not only receiving debug messages.

2018-10-08 12_36_03-Window.png1741×969 69.8 KB

Inspecting the visualization there are clearly more hosts than before. There are 14 hosts. (One host is down so it won't log anything)

2018-10-08 12_38_50-[ESXi] Severity Donut - Kibana.png1676×929 52.7 KB

Also there are clearly more than just debug messages.

I have tried to fix it by recreating the diagrams, but nothing worked.
Does anyone know how to fix this?

Thanks

Try to confirm all hosts logs are present in discover menu.

search your all host names in discover menu consisting search engine .

if any hosts are not present here , that means... that hosts's logs are not shipping to elasticsearch

I can confirm that all logs are visible in the Discover Menu. Except the host being down, all hosts have sent logs.

Also when in the dashboard, I can filter to exclude hosts or message types showing the remaining messages, but again not all hosts.

2018-10-09 06_58_59-.png1722×972 100 KB

Removing the filter only shows debug messages.

I have found the problem: The donut pie charts and the table were split by using "significant terms" instead of "terms" for the aggregation. Having this changed, everything is now shown.

Thanks anyway.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.