I have Filebeats, Logstash, Elasticsearch and Kibana running on a VM - I have created a template with a mapping and built visualizations and dashboards with this data. The data is there and accessible.
However, only a very small subset of all the data available is being shown in the Discover functionality, plus the JSON shown for each entry (I presume these are the documents) show these few fields instead of the full data I would expect to comprise a document. When searching for fields other than these, I am not able to find anything and presume this issue originates from the same root cause.
Mind showing a screenshot of what you're seeing? Have you adjusted your time filter (top right corner) to include more than the last 15 minutes worth of data?
As you can see, I have very few fields in my JSON data - however, there is a lot of data not shown here which I can access in the visualizations and dashboards I've built.
Searching for the data also does not show it which I assume is a result of this asymmetry.
Have you adjusted your time filter (top right corner) to include more than the last 15 minutes worth of data
I can see data - I played with the time filter just in case but I get the same results.
Interesting, can you try accessing this data directly via the "dev tools > console" app? If the data in Elasticsearch looks that way too then maybe the issue is upstream.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
