Logs are indexed into Logstash indices but not showing in Kibana dashboard?

Logs are showing in the index on the Discover page, but not showing in the dashboard.
Need help.
Here are my index patterns:

Here are the log lines:

But here in the dashboard I can't see them.

Can you open one of the visualizations in Visualize to check whether they are using the right index pattern?

Also make sure they are built using the right fields (the ones actually having data in your indices).

There is nothing to show.

The visualization is built using the saved search "logs [Filebeat Logstash] ECS". Make sure this saved search is linked to the right index pattern and doesn't set filters that exclude all results.

I'm new to Logstash and all this. How can I know whether the right index pattern is linked?

Go to Discover, click the "Open" menu in the top nav and select "logs [Filebeat Logstash] ECS". This will load the saved search which is used as data source for the visualization.

To the left below "Add filter" the name of the index pattern will be shown.

I suspect this search will point to older data, that's why you can't see the recent data. You have multiple index patterns like logstash-2020.07.21, but you should just create a single one spanning them all: logstash-*. Then you can look at the data from all days at once.

Is some extra configuration needed for this index pattern, or do I just simply create the index pattern "logstash-*"?

I just created the logstash-* index pattern. Logs from all days are showing there, but in the logs [Filebeat Logstash] dashboard I can't see them. I did what you said, but I'm not able to see them.

Look...

Based on the screenshot in your original post, some of your data is in the filebeat-7.8.0-2020.07.18 index - as it doesn't start with logstash-, you won't be able to see it when working with the logstash-* pattern.

The way these patterns work is by replacing the * with any possible string and fetching data from the matching indices. So logstash-* will match logstash-2020.07.21 and logstash-just-really-anything-else, but it won't match filebeat-7.8.0-2020.07.18.

The most common setup is to create a second index pattern filebeat-* and recreate the visualizations and dashboard based on that one. Then it will work for all future filebeat data.

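The wildcard matching described in the last reply, as an added example that is not part of the original thread: it checks a list of index names against a set of index patterns and reports which indices no pattern covers, which is the situation where ingested logs never reach a dashboard. The function names are hypothetical, the sample index names are the ones quoted in the thread, and only the `*` wildcard described above is modelled.

```python
import re


def pattern_to_regex(index_pattern):
    # Only "*" is a wildcard (it stands for any string, including an empty one).
    # Every other character, including "." and "-", must match literally.
    literal_parts = [re.escape(part) for part in index_pattern.split("*")]
    return re.compile(".*".join(literal_parts))


def coverage(index_names, index_patterns):
    """Return (pattern -> matching indices, indices matched by no pattern)."""
    compiled = {p: pattern_to_regex(p) for p in index_patterns}
    matched = {p: [] for p in index_patterns}
    uncovered = []
    for name in index_names:
        hits = [p for p, rx in compiled.items() if rx.fullmatch(name)]
        for p in hits:
            matched[p].append(name)
        if not hits:
            # Data in this index is invisible to every saved search,
            # visualization and dashboard built on these patterns.
            uncovered.append(name)
    return matched, uncovered


# Constructed sample input: the index names mentioned in the thread.
INDICES = [
    "logstash-2020.07.21",
    "logstash-just-really-anything-else",
    "filebeat-7.8.0-2020.07.18",
]

if __name__ == "__main__":
    for patterns in (
        ["logstash-2020.07.21"],        # one pattern per day
        ["logstash-*"],                 # single pattern spanning all days
        ["logstash-*", "filebeat-*"],   # second pattern for Filebeat indices
    ):
        matched, uncovered = coverage(INDICES, patterns)
        print(patterns)
        for pattern, names in matched.items():
            print("  ", pattern, "matches", names)
        print("   not covered by any pattern:", uncovered)
```
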