Kibana - No results match your search criteria

All,

I have more than 1000 IIS access logs ingested into Elasticsearch 8.8.1. This amounts to around 100GB in actual storage. I can query the data from a Jupyter Notebook and get results using the same indexes. I have created the proper Data Views in Kibana and set a date range I know there is data from. I see all of the fields but no data.

Could someone please help me understand and resolve this? How can I query Elasticsearch, and get properly formatted results, but in Kibana I can't? It just isn't making sense.

Here is the Inspect Request for a blank search using a date range that definitely has data:

{
  "track_total_hits": false,
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "unmapped_type": "boolean"
      }
    }
  ],
  "fields": [
    {
      "field": "*",
      "include_unmapped": "true"
    },
    {
      "field": "@timestamp",
      "format": "strict_date_optional_time"
    }
  ],
  "size": 500,
  "version": true,
  "script_fields": {},
  "stored_fields": [
    "*"
  ],
  "runtime_mappings": {},
  "_source": false,
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "range": {
            "@timestamp": {
              "format": "strict_date_optional_time",
              "gte": "2023-05-25T05:00:00.000Z",
              "lte": "2023-06-03T04:30:00.000Z"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  },
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {}
    },
    "fragment_size": 2147483647
  }
}

Regards,
Jeff

Hi Jeff and welcome to the community!

Could you please share what is shown on the Inspect Response tab?

Does the same query give results if executed via DevTools?
