Kibana Discover tab not displaying data for index pattern

Elastic Stack Kibana
1

Hello,

My Indices showing 8 documents and created index pattern for the same.

ES_pic1
ES_pic11016×251 68.4 KB

My discover tab was showing data for same indices("hc-gc-2020.07.14") before. I restarted Elastic stack and post that sometimes data is displayed after few hours and sometimes it doesn't display only for that indices. For other Indices, data is displaying as usual.

If i do a api call for that Indices("hc-gc-2020.07.14") as below, output response shows all 8 docs.

GET hc-gc-2020.07.14/_search

Now sure what is the issue with discover tab. Kindly let me know any solution?

2

Have you set the right timescale?

image
image3787×731 166 KB

3

Ya, i set for 5 years. But timestamp in log is as below which is not more than 30 days. Same index was displaying earlier with 30days timescale.

 <gc-start id="5" type="global" contextid="4" timestamp="2020-06-18T01:17:50.472">
  <mem-info id="6" free="1839615472" total="2147483648" percent="85">
    <mem type="tenure" free="1839615472" total="2147483648" percent="85">
      <mem type="soa" free="1732241904" total="2040110080" percent="84" />
      <mem type="loa" free="107373568" total="107373568" percent="100" />
    </mem>
  </mem-info>
</gc-start>
4

Have you set a timefield?
What does your index pattern look like? Is there a clock symbol next to the timestamp?

image
image3301×1474 239 KB

You can also check the Query which kibana uses for discover. See if it works if you use it manually or maybe there is an error.
You can find the query here:
image
image3045×1298 324 KB

5

clock symbol next to timestamp field exists as below:

ES_pic2
ES_pic21038×395 91.1 KB

Below is request in discover tab:

ES_pic4
ES_pic41345×567 153 KB

If executed request through dev tools, below is the output:

ES_pic3
ES_pic31312×585 176 KB

Still no data displayed.

6

Please post the code that you executed in the dev tools.
You can format code with three ` symbols

``` <---
CODE
``` <----
7

Please find the request post which i got from discover inspect request tab:

GET /_search?q=message:number&size=0&terminate_after=1
{
  "version": true,
  "size": 500,
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "unmapped_type": "boolean"
      }
    }
  ],
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "@timestamp",
        "fixed_interval": "12h",
        "time_zone": "Asia/Calcutta",
        "min_doc_count": 1
      }
    }
  },
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "@timestamp",
      "format": "date_time"
    },
    {
      "field": "gcendtimestamp",
      "format": "date_time"
    },
    {
      "field": "gcstarttimestamp",
      "format": "date_time"
    }
  ],
  "_source": {
    "excludes": []
  },
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_all": {}
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2020-06-14T09:02:14.309Z",
              "lte": "2020-07-14T09:02:14.309Z",
              "format": "strict_date_optional_time"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  },
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {}
    },
    "fragment_size": 2147483647
  }
}
8

Here is the query that is executed by kibana. It is looking for all events between "gte": "2020-06-14T09:02:14.309Z" and "lte": "2020-07-14T09:02:14.309Z". Personally I don't see an error if your data is in between those fields. I cant see why it doesn't work.

9

If i just do a search api call for the indices("hc-gc-2020.07.14") as below:

GET /hc-gc-2020.07.14/_search

i got all 8 docs in response:

    {
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 8,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "hc-gc-2020.07.14",
        "_type" : "_doc",
        "_id" : "J-UsTXMBMw5nJtg8zPuG",
        "_score" : 1.0,
        "_source" : {
          "gcpausetimems" : 101.685,
          "gcstarttimestamp" : "2020-06-18T01:17:50.472",
          "tags" : [
            "beats_input_codec_plain_applied",
            "_grokparsefailure"
          ],
          "heapusedaftergcmb" : 57.201,
          "fields" : { },
          "allocatedmemorymb" : 2048.0,
          "jvmdescription" : "Ibm",
          "gcendtimestamp" : "2020-06-18T01:17:50.574",
          "log" : {
            "offset" : 5872,
            "flags" : [
              "multiline"
            ],
            "file" : {
              "path" : "/opt/data/gc/Ibm_GC_Log.log"
            }
          },
          "reclaimedmemaftergcmb" : 236.405,
          "host" : {
            "architecture" : "x86_64",
            "name" : "lin025",
            "id" : "433c9d2c1a374bdfae6c429be7641eba",
            "containerized" : false,
            "mac" : [
              "00:50:56:92:71:1c",
              "52:54:00:a7:ba:a9",
              "52:54:00:a7:ba:a9",
              "02:42:4c:d8:52:d6",
              "02:42:38:c9:e2:6c",
              "7e:c5:5c:f3:9e:60",
              "a6:bb:9c:f4:31:d1",
              "f6:70:e9:76:5f:f7"
            ],
            "ip" : [
              "192.168.1.144",
              "fe80::250:56ff:fe92:711c",
              "192.168.122.1",
              "172.17.0.1",
              "fe80::42:4cff:fed8:52d6",
              "192.168.160.1",
              "fe80::42:38ff:fec9:e26c",
              "fe80::7cc5:5cff:fef3:9e60",
              "fe80::a4bb:9cff:fef4:31d1",
              "fe80::f470:e9ff:fe76:5ff7"
            ],
            "hostname" : "lin025",
            "os" : {
              "platform" : "centos",
              "name" : "CentOS Linux",
              "codename" : "Core",
              "family" : "redhat",
              "kernel" : "3.10.0-957.el7.x86_64",
              "version" : "7 (Core)"
            }
          },
          "gcstartid" : "5",
          "ecs" : {
            "version" : "1.5.0"
          },
          "input" : {
            "type" : "log"
          },
          "heapusedbeforegcmb" : 293.606,
          "peakmemorymb" : 293.606,
          "gctype" : "global",
          "gccause" : "af",
          "@timestamp" : "2020-07-14T11:53:42.219Z",
          "agent" : {
            "id" : "0b5f5587-a0d3-4ae3-ae4e-9a15ffec891d",
            "name" : "lin025",
            "ephemeral_id" : "f1436e6b-9a65-4925-9b1a-a1d19c6260c0",
            "hostname" : "lin025",
            "type" : "filebeat",
            "version" : "7.8.0"
          },
          "@version" : "1"
      }}

My log file data is as below which falls between the specified timestamp in query:

<gc-start id="5" type="global" contextid="4" timestamp="2020-06-18T01:17:50.472">
  <mem-info id="6" free="1839615472" total="2147483648" percent="85">
    <mem type="tenure" free="1839615472" total="2147483648" percent="85">
      <mem type="soa" free="1732241904" total="2040110080" percent="84" />
      <mem type="loa" free="107373568" total="107373568" percent="100" />
    </mem>
  </mem-info>
</gc-start>
10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.