Kibana Newbie can find data under 'console', not under 'discover'

Elastic Stack Kibana
1

I am playing around with Kibana for the first time after my first elasticsearch training. I start up locust to dump some randomly generated data into elasticsearch via the rest api and then I wanted to visualise it in real time. The weird thing is that it seems like I can query for data via the 'console' tab but nowhere else. For example, take this query;

GET /ping/single/_search
{
  "query" : {
    "match_all": {}
  }
}

This yields results;

{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 202,
    "max_score": 1,
    "hits": [
      {
        "_index": "ping",
        "_type": "single",
        "_id": "AVokuwFnEMlBU3BPizDp",
        "_score": 1,
        "_source": {
          "ts": "2017-02-09T22:15:19.779062",
          "val": 0.053606971838083384,
          "cs": 5.4685131140092285,
          "uid": "c"
        }
      }
...

We can see a timestamp with time 22:15 in it. Next, I'll be looking at the discover tab in kibana to discover that it cannot find any results what-so-ever. Note that I am looking 5 hours back and the time of running was 22:48 on the same date.

Screen Shot 2017-02-09 at 22.47.24.png3348×592 115 KB

The visualisations also do not work and I am wondering why. I have added the data to the index pattern.

Screen Shot 2017-02-09 at 22.49.46.png2748×1574 241 KB

What am I missing?

I am running ELS version: 5.1.1 that came with the developer tutorial of elasticsearch.

2

I've later added much more data. The initial blob was about 200 items and later I've sent it about 2200 more. After doing that and waiting 5 minutes I now do see data appear in kibana. Can this explain what I am seeing?

3

Hi Vincent,

Could it be that your timestamp was just a slight bit in the future?

I get this;

$ TZ='UTC' date
Thu Feb  9 22:33:58 GMT 2017

And you're post was about 42 minutes ago. So it seems like that timestamp might have been in the future.
If you're loading data with a current timestamp into Elasticsearch that's running on the same machine this shouldn't happen, I think...

If you click on your Timepicker and select Absolute, you can extend your time span into the future also.

How is the timestamp being set by locust?

Regards,
Lee

1 Like
4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.