Kibana shows no results though data is in ES


(Ravs) #1

I am having an issue seeing the Packetbeat data in Kibana even though Elasticsearch shows data. Basically, I get a "No results found" response on Discover. I have also selected packetbeat-* as the default index pattern.

Packetbeat template:

[root@copylinux kibana]# curl -XGET 1.1.1.1:9200/_template/packetbeat
{"packetbeat":{"order":0,"template":"packetbeat-","settings":{"index":{"refresh_interval":"5s"}},"mappings":{"default":{"dynamic_templates":[{"template1":{"mapping":{"ignore_above":1024,"index":"not_analyzed","type":"{dynamic_type}","doc_values":true},"match":""}}],"_all":{"norms":{"enabled":false},"enabled":true},"properties":{"request":{"norms":{"enabled":false},"index":"analyzed","type":"string"},"@timestamp":{"type":"date"},"client_location":{"type":"geo_point"},"response":{"norms":{"enabled":false},"index":"analyzed","type":"string"},"query":{"index":"not_analyzed","type":"string","doc_values":true},"params":{"norms":{"enabled":false},"index":"analyzed","type":"string"}}}},"aliases":{}}}[root@copylinux kibana]#

Data in ES:

[root@copylinux kibana]# curl -curl -XGET 'http://1.1.1.1:9200/packetbeat-*/_search?pretty' | more
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9524 100 9524 0 0 2778k 0 --:--:-- --:--:-- --:--:-- 465{0
0k
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 1887,
"max_score" : 1.0,
"hits" : [ {
"_index" : "packetbeat-2016.04.12",
"_type" : "http",
"_id" : "AVQMH3YlZsH-RZ0_e4eO",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2016-04-12T20:17:48.118Z",
"beat" : {
"hostname" : "copylinux.ravi.local",
"name" : "copylinux.ravi.local"
},
"bytes_in" : 115,
"bytes_out" : 269,
"client_ip" : "11.11.11.10",
"client_port" : 55199,
"client_proc" : "",
"client_server" : "",
"count" : 1,
"http" : {
"code" : 200,
"content_length" : 3,
"phrase" : "OK"
},
"ip" : "10.10.10.10",
"method" : "GET",
"params" : "",
"path" : "/1.html",
"port" : 80,
"proc" : "",
"query" : "GET /1.html",
"responsetime" : 0,
"server" : "",
"status" : "OK",
"type" : "http"
}
}, {
"_index" : "packetbeat-2016.04.12",
"_type" : "http",
"_id" : "AVQMH4XEZsH-RZ0_e4eS",


(Matt Bargar) #2

Are you sure the time range you've selected in Kibana (in the top right corner) includes the documents you're trying to view?


(system) #3