Kibana discover not showing data

Elastic Stack Kibana
1

i have the following indices

  1. log-pb-flow-2021.02.22-000001
  2. log-pb-flow-2021.02.22-000002
health status index                         uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   log-pb-flow-2021.02.22-000001 iepJGgSAR6-gQ9SDh_WJ3w   1   1     265881            0      209mb        104.5mb
green  open   log-pb-flow-2021.03.01-000002 PpI7dOp7Ttyjcg3z1rl_DQ   1   1      28643            0     23.6mb         11.7mb

But Kibana discover can't show the data

ha
ha1918×542 106 KB

2

In the top right you can see the time filter set to "Today". In your post there are two conflicting statements about the indices you have (log-pb-flow-2021.02.22-000001 and log-pb-flow-2021.02.22-000002 vs log-pb-flow-2021.02.22-000001 and log-pb-flow-2021.03.01-000002), but given the time field is configured correctly, none of them would match "today". Try to expand the time range in the top right like the message in the center explains.

3

I did that i set it to 7 days but nothing happened i have other indices log-wlb-sysmon-00001 log-wlb-application-00001 their data is coming

4

ha1
ha11364×484 79.9 KB

The data is coming.. i have not done anything but yesterday data is not discover.

5

Is this issue resolved?

6

Can you check the index from yesterday whether the timestamp field is there, has the right name and right type and is actually filled with data in the documents?

You can do this using the dev tools by querying elasticsearch directly. Like this

GET my-index-name/_mapping

GET my-index-name/_search
7

hey @flash1293 , the problem occured again today

GET /_cat/indices/log-wlb-sysmon*?v&pretty
health status index                            uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   log-wlb-sysmon-2021.03.13-000001 O-C3mMwUTo2dOVbppR6IUg   1   1      41582          502     55.4mb         26.8mb

ha4
ha41356×368 66 KB
ha5
ha51366×455 74 KB
ha6
ha61364×591 79 KB

8 
{
  "took" : 3,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 10000,
      "relation" : "gte"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "log-wlb-sysmon-2021.03.13-000001",
        "_type" : "_doc",
        "_id" : "0f157aea9661dca667b49a785f273f824fd6ddb1",
        "_score" : 1.0,
        "_source" : {
          "target_process_name" : "startmenuexperiencehost.exe",
          "process_granted_access_orig" : "0x1400",
          "level" : "information",
          "event_timezone" : "UTC",
          "etl_processed_time" : "2021-03-13T09:33:59.590Z",
9 
{
  "log-wlb-sysmon-2021.03.13-000001" : {
    "mappings" : {
      "properties" : {
        "@timestamp" : {
          "type" : "date"
        },
        "@version" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "Archived" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
        "ClientInfo" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },
10

Could you share the query Discover is running by clicking "Inspect" in the top right, then switching to the requests view?

11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.