Kibana Discover - No results found :|

Im doing something wrong but cant work it out, any help is appreciated.

I have a bunch of documents in elasticsearch, this is the search and result from Marvel:

GET /my_index/my_type/_search
{"query" :
{
    "bool" : {
        "must" : [
          {
            "term" : { "channel" : "request" }
        },
        {
          "term":{"level" : "200"}},
             {
          "term":{"userid" : 84}}
        ]
    }
}
}

### result

{
   "took": 10,
   "timed_out": false,
   "_shards": {
      "total": 5,
      "successful": 5,
      "failed": 0
   },
   "hits": {
      "total": 1,
      "max_score": 2.970658,
      "hits": [
         {
            "_index": "my_index",
            "_type": "my_type",
            "_id": "AVCuTdURjAmnSWnnkp4Z",
            "_score": 2.970658,
            "_source": {
               "id": "29155",
               "channel": "request",
               "level": "200",
               "source": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)",
               "message": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
               "userid": "84",
               "time": "1405813801"
            }
         }
      ]
   }
}

The time field represents Sat, 19 Jul 2014 23:50:01 GMT

I've managed to find the index in Kibana settings, but I cannot get a single result from any search. I have set the time range to "last 5 years" and search as * , I just get "No Results found "

I've also tried recreating my index with a new mapping where "store" is true in all fields. No difference.
Can anyone suggest what I might be doing wrong?

Did KB accept the time field in the index settings?

I've now tried several different ways and cannot get any data to show in kibana. Time-field name does not provide anything in the drop down at kibana->settings->"configure an index" .

In ES I have a sync.json in config/mappings/_default ( i have also tried to add this mapping in a PUT but same end result )

{

"sync" :{
"_timestamp" : {
"enabled" : true,
"path" : "time",
"ignore_missing" : true,
"store":true
},
"properties": {
"channel": {
"type": "string",
"store" : true
},
"id": {
"type": "integer"
},
"level": {
"type": "integer",
"store" : true
},
"message": {
"type": "string"
},
"source": {
"type": "string"
},
"time": {
"type": "date"
},
"userid": {
"type": "integer",
"store" : true
}
}

}
}

I create an index in sense.
I load documents into index_name/sync using the php api ( the "time" field values are unix timestamp * 1000 for epoch_millis )

The mapping do not appear to get used, when I then:

GET index_name/sync/_mapping

I get

{

"index_name": {
"mappings": {
"sync": {
"properties": {
"channel": {
"type": "string"
},
"id": {
"type": "long"
},
"level": {
"type": "long"
},
"message": {
"type": "string"
},
"source": {
"type": "string"
},
"time": {
"type": "long"
},
"userid": {
"type": "long"
}
}
}
}
}
}

In Kibana I can see the index but it does not recognize any date fields. So it looks like the mappings in _default just doesn't get used, or I'm adding the data in the wrong way or adding the mapping in the wrong way. If I make a deliberate syntax error in the sync.json file I get an error when trying to create an index, so the file is being parsed.
Also I can search my documents using sense or curl and I get the results I expect with the time field in milliseconds.

A bit stumped, any help appreciated

That looks like why. Your mapping isn't being done correctly.

What does the date actually look like.

"time": "1405813801"

Ok, so it's a epoch timestamp that just isn't being mapped correctly as I mentioned.

Can you gist/pastebin/etc your entire mapping file and link it here?

Now resolved. Since upgrading to ES 2.0 ( which no longer supports mapping in config files ( thanks erikstephens) ) I now see docs in kibana. Thanks for your help.

wait...how did ES 2.0 solve this issue? I am getting the same error after installing ELK (latest versions for each). Where do you now do your mappings?

Well it was solved because ES2.0 no longer supports mapping in config files so I created a new index, added the mapping via the PUT api and then added the documents ( you have to add the mapping before the documents ) . The mapping persisted and now Kibana can read the date fields and display the data.

Hi All

I have the same problem in ES 1.7.3 with kibana 4.1.3. Discover tab is not displaying data and showing as "No results found". I configured index pattern as "test_item" in settings indices tab and selected "CRT_DTTM" in time field name dropdown. CRT_DTTM has type "date". Please find below mappings of "test_item.

{

kibana screenshot.PNG1348×664 44.9 KB

PUT test_item/item/_mapping
{
"item": {
"_all" : {"enabled" : false},
"properties": {
"ITEM_ID": {
"type": "long",
"index": "not_analyzed",
"doc_values": "true",
"norms":{
"enabled": false
}
},
"CRT_DTTM": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss",
"index": "not_analyzed",
"doc_values": "true",
"norms":{
"enabled": false
}
},
"UPD_DTTM": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss",
"index": "not_analyzed",
"doc_values": "true",
"norms":{
"enabled": false
}
},
"ITEM_TYPE": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true",
"norms":{
"enabled": false
}
},
"SG_CHR_VAL_ID": {
"type": "long",
"index": "not_analyzed",
"doc_values": "true",
"norms":{
"enabled": false
}
},
"PG_CHR_VAL_ID": {
"type": "long",
"index": "not_analyzed",
"doc_values": "true",
"norms":{
"enabled": false
}
},
"XCD": {
"type":"nested",
"properties": {
"XCD_ID": {
"type": "long",
"index": "not_analyzed",
"doc_values": "true",
"norms":{
"enabled": false
}
},
"EXTRN_CODE_GRP_ID": {
"properties": {
"ID": {
"type": "long",
"index": "not_analyzed",
"doc_values": "true",
"norms":{
"enabled": false
}
}
}
},
"HAS_IMAGE_IND": {
"type": "string",
"index": "not_analyzed",
"doc_values": "true",
"norms":{
"enabled": false
}
}
}
}
}
}
}

Please kindly in this and it would be very helpful.

Thanks,
Ganeshbabu R

upper right corner change the default time from "Today" to something longer

Hi all

I have same trouble. I have configured to get log in iis ( example: logstash_getlog_iis.conf ). When i have used command line --configtest for test --> result is ok

However, when using kibana to show this log, It's notice that no results found

It's true that, i don't understand why and don't know where is my mistake in there?

Could you help me?

Regds

p/s: i'm using kibana 4.1.2 on Centos 6.7

Hi, all.. I've come across almost the same problem.
Elasticsearch 2.3.5
Kibana 4.5.3
on the same ubuntu machine
I could use curl to confirm that data are inserted into the index,
and also in kibana, it can automatically match the index name when I create in visualize.

So I imply from this post that it may be probably caused by the time format.

But, since for the index, I've give it a mapping, and when I check it, for the time field, it shows
"time":{
"type" :"date",
"format": "strict_date_optional_time || epoch_millis"
}
and when i do a search, a record instance contains:
"time":1356998940000

and in kibana, I did a search from 2013-01-01 to 2013-01-06.

Could anybody tell me how to config it right, to make this search work to return result??

Thanks a lot!

how can I check whether KB accept it or not ? thx~!!

Please start a new thread, this one is really old and may not be relevant to your issue.