Kibana refresh field list not working

Hey,

I am sending heartbeat and metricbeat logs from host A to Security Onion's Logstash. I can see little triangles next to multiple fields. I have refreshed the indexes multiple times (management -> index pattern -> :logstash-beats--> refresh), but it's not working. What am I missing? I am new to all of ELK.

Index Name: :logstash-beats-
ELK Version: 6.7.2
Metricbeat & heartbeat version: 6.7.1
The reason it's not updated is because I am using the latest Security Onion ISO.

Kibana Log:

{"type":"response","@timestamp":"2019-06-19T15:26:18Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"127.0.0.1:5601","origin":"https://10.80.2.220","kbn-version":"6.7.2","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36","content-type":"application/json","accept":"*/*","referer":"https://10.80.2.220/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","x-forwarded-for":"10.90.17.63","x-forwarded-host":"10.80.2.220","x-forwarded-server":"localhost","connection":"Keep-Alive","content-length":"54"},"remoteAddress":"172.17.0.1","userAgent":"172.17.0.1","referer":"https://10.80.2.220/app/kibana"},"res":{"statusCode":200,"responseTime":9,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 9ms - 9.0B"}

{"type":"response","@timestamp":"2019-06-19T15:26:19Z","tags":[],"pid":1,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=*%3Alogstash-beats-*&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"127.0.0.1:5601","accept":"application/json, text/plain, */*","kbn-version":"6.7.2","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36","referer":"https://10.80.2.220/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","x-forwarded-for":"10.90.17.63","x-forwarded-host":"10.80.2.220","x-forwarded-server":"localhost","connection":"Keep-Alive"},"remoteAddress":"172.17.0.1","userAgent":"172.17.0.1","referer":"https://10.80.2.220/app/kibana"},"res":{"statusCode":200,"responseTime":73,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=*%3Alogstash-beats-*&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 200 73ms - 9.0B"}

{"type":"response","@timestamp":"2019-06-19T15:26:19Z","tags":[],"pid":1,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/AWBLHZaBRuBloj96jvrD","method":"put","headers":{"host":"127.0.0.1:5601","origin":"https://10.80.2.220","kbn-version":"6.7.2","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36","content-type":"application/json","accept":"*/*","referer":"https://10.80.2.220/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","x-forwarded-for":"10.90.17.63","x-forwarded-host":"10.90.1.115","x-forwarded-server":"localhost","connection":"Keep-Alive","content-length":"181938"},"remoteAddress":"172.17.0.1","userAgent":"172.17.0.1","referer":"https://10.80.2.220/app/kibana"},"res":{"statusCode":200,"responseTime":375,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/AWBLHZaBRuBloj96jvrD 200 375ms - 9.0B"}

Logstash log:

[2019-06-19T14:56:25,409][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]

[2019-06-19T14:56:46,149][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]

[2019-06-19T14:56:50,703][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]

[2019-06-19T14:56:55,628][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]

[2019-06-19T14:57:00,040][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]

[2019-06-19T14:57:03,635][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]

[2019-06-19T14:57:09,424][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]

I do not see any errors and I have not made any changes to the default indexes. It was added automatically once Elasticsearch started receiving logs from Beats.

Thanks in advance.

What's the message you get when hovering over the triangles?
