Kibana doesn't see new index from elastic

Hi,
I have created new index template on elastic search:
"PUT /_template/abc
{
"index_patterns": ["abc*"],
"mappings" : {
"_doc" : {
"properties" : {
"@timestamp" : {
"type" : "date"
},
"@version" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"host" : {
"type": "ip"
},
"message" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"type" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
}
},
"aliases" : {
"abc123":{}
}
}
As you can see I have change only one field "ip" from default template. Elastic search creates new index, based on this template, but Kibana doesn't wan't to see it - through "create index pattern" option. Any ideas?
Other indexes from elastic, the default ones, work accordingly.

Should I change anything on elasticsearch configuration or kibana to use custom templates?

Have you created an index using this template and added some data to it? What does the cat index API show, e.g. GET _cat/indices/abc*?

Yes, new data is in this new index.

yellow open abc-2019.01.13 5PJtgbTuadKQMidlTx9Uww 5 1 0 0 1.2kb 1.2kb

Or maybe I should start from the beginning and changing type through template in logstash like on this page suggests: "https://stackoverflow.com/questions/32607500/data-type-ip-in-elasticsearch#32614617" ?

That index has 0 documents in it. Can you try adding one to see if that changes things?

Mea maxima culpa
For some reason i have used mappings: {_doc}, while i should use {doc}.

Can you tell me what is the difference and which one should I use? Is one deprecated?

And in your opinion which one option in creating index should I use, json file in logstash configuration or changes through elastic search/kibana interface directly on database?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.