Kibana not seeing ES logs inserted via HTTP POST

Hey all,

I got Kibana and ES working together and data flowing from Winston without any issues. I have a mobile app that I am trying to hook up to ES and wanted to do it via an HTTP POST call.

POST /logs-2019.12.03/_doc

I see the new fields in the index in ES and I refreshed the Index Pattern in Kibana, but when I try to search for the data in those new fields nothing is showing up. I was able to query ES API directly to retrieve this data, so it seems there is an issue between Kibana and ES.

Any ideas?

Hi @maxstone9,

thanks for reaching out. In the top menu there should be an Inspect button. It can show you the ES request made by Kibana. Could you copy and paste the one that's not working for you together with the mapping of your index (GET /logs-*/_mapping) and the request you are sending to ES directly that's working fine?

hey @flash1293

Thank you for your response. I don't see the inspect button in my options. I am using Kibana 7.4.2.

Mapping for 12.19.2019 ES Index

[Not Showing Up In Discover] Request from Postman to the index with message field

Get request for the above data posted with postman

Discover search

Index Patterns

The successful requests are coming from node.js, so if you could please guide me how to get those out of Kibana UI, I can attach them as well.

Sorry that was a bit vague - I meant the "Inspect" button in the Discover view. It's also visible in your screenshot, the last of the menu items above the search bar. Could you copy/paste the request from there?

At least for your example document the problem is that your time range is set to "30 Minutes" which adds a filter based on the time field of the index pattern to the request. As your "this is a test for les" document doesn't even have a time field (just a message field) it will get filtered out and isn't shown at all. Maybe that's also the problem with your actual data? Could you attach a real-world document out of your index that should show up but doesn't (with personal data blacked out)? If you want to use Discover without a time field that's also possible - you just have to create the index pattern without a time field, then the time filter won't get added behind the scenes.
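The time filter described in the answer above, as an added example that is not part of the original thread: it builds the kind of `range` filter Discover adds for a time-based index pattern, evaluates it locally over constructed documents, and shows the client-side fix of stamping the document before the POST. The time field name `@timestamp`, the helper names and the sample documents are assumptions.

```javascript
// Added example; field name, helpers and documents are constructed assumptions.
const TIME_FIELD = "@timestamp"; // assumed time field of the index pattern

// Shape of the filter Discover adds for a "Last N minutes" time range.
function discoverTimeFilter(now, minutes) {
  return {
    range: {
      [TIME_FIELD]: {
        gte: new Date(now.getTime() - minutes * 60000).toISOString(),
        lte: now.toISOString(),
        format: "strict_date_optional_time",
      },
    },
  };
}

// Local evaluation of that range filter: a document with no value in the
// time field never matches, which is why it disappears from Discover.
function matches(doc, filter) {
  const [field, bounds] = Object.entries(filter.range)[0];
  if (doc[field] === undefined || doc[field] === null) return false;
  const t = Date.parse(doc[field]);
  if (Number.isNaN(t)) return false;
  return t >= Date.parse(bounds.gte) && t <= Date.parse(bounds.lte);
}

// Client-side fix: stamp the document before POSTing it to /<index>/_doc.
// A timestamp already present on the document is kept.
function withTimestamp(doc, now) {
  return { [TIME_FIELD]: now.toISOString(), ...doc };
}

function visibleInDiscover(docs, now, minutes) {
  const filter = discoverTimeFilter(now, minutes);
  return docs.filter((d) => matches(d, filter));
}

// Constructed sample data.
const now = new Date("2019-12-19T12:00:00.000Z");
const posted = { message: "this is a test for les" }; // no time field
const stale = withTimestamp({ message: "old" }, new Date("2019-12-19T10:00:00.000Z"));
const fixed = withTimestamp(posted, now);

// Only the stamped, in-range document survives the 30-minute filter.
console.log(visibleInDiscover([posted, stale, fixed], now, 30));
```

For security or audit logs shipped from a client, a check like `matches` in the ingestion tests catches events that are indexed but silently invisible to analysts working in a time-filtered view.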

@flash1293 the lack of timestamp was totally the problem. Thanks for all the help and happy new year!
