Kibana's Discover JSON and search not showing all data

Hello,

I have Filebeats, Logstash, Elasticsearch and Kibana running on a VM - I have created a template with a mapping and built visualizations and dashboards with this data. The data is there and accessible.

However, only a very small subset of all the data available is being shown in the Discover functionality, plus the JSON shown for each entry (I presume these are the documents) show these few fields instead of the full data I would expect to comprise a document. When searching for fields other than these, I am not able to find anything and presume this issue originates from the same root cause.

Any ideas?

Mind showing a screenshot of what you're seeing? Have you adjusted your time filter (top right corner) to include more than the last 15 minutes worth of data?

As you can see, I have very few fields in my JSON data - however, there is a lot of data not shown here which I can access in the visualizations and dashboards I've built.

Searching for the data also does not show it which I assume is a result of this asymmetry.

Have you adjusted your time filter (top right corner) to include more than the last 15 minutes worth of data

I can see data - I played with the time filter just in case but I get the same results.

Interesting, can you try accessing this data directly via the "dev tools > console" app? If the data in Elasticsearch looks that way too then maybe the issue is upstream.

What exactly do you want me to look up? I checked the index documents and as expected I get the same data as the JSON blob from the Discover tab.

Fix for posterity - _source field was set to false, setting this to true fixed the issue.

Thanks for the help guys

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.