Hi,
I've observed my kibana having some of the doc missing as compared to the elasticsearch query.
I did a query on the _id in elasticsearch and return 1 hits
But I did the same query in Kibana Discover, it did not return any result.
I've check the index, _id and the dates are correct
Anyone know how should I troubleshoot this, please help.
Thanks
Your elasticsearch query and the query from discover are not the same. The discover query adds a time filter as well and looks more like this
"query": {
"bool": {
"must": [],
"filter": [
{
"match_all": {}
},
{
"match_phrase": {
"_id": "R4xEH24BB15ZvgWfHF0u"
}
},
{
"range": {
"timestamp": {
"format": "strict_date_optional_time",
"gte": "2019-11-01T13:34:42.028Z",
"lte": "2019-11-01T13:49:42.028Z"
}
}
}
],
"should": [],
"must_not": []
}
}
To view the query discover is using, open inspector by clicking Inspect. Then use this query in console to view how Discover is fetching data.
I suspect the time range filter is filtering out your document. The range shown is your browser's time range while the document shows time range in UTC.
Thanks @Nathan_Reese for the enlightening response.
I'm managed to identify the root caused via the "Inspect".
The Discover query is using time "timestamp", but the doc not shown in Discover is using "@timestamp".
I've resolved the issue by recreating the index pattern using "@timestamp" field as the time filter field.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
