No index pattern match of enterprise search in Kibana

Hello,
I am using workplace search and it is connected with elasticsearch and kibana. For example, I can login to workplace search from kibana.
Recently I read this blog: Analyzing Elastic Workplace Search usage in a Kibana dashboard | Elastic Blog. I really want to use ELK to collect and show the data of workplace search, like search keywords and how many users are using this tool.
But when I go to "Discover" in Kibana, it redirected me to the page of "Index Patterns". And the page showed there is no data about enterprise search.
I wonder why I can't see any data of enterprise search while I can connect to enterprise search from kibana.

Hey chen.lu,

Welcome! Try simply importing the saved-objects.ndjson file mentioned next in that same article you linked. The redirect you're seeing is Kibana telling you that you need to define an index pattern before you can explore/verify its underlying data in Discover.

Let me know if that helps!

Ross

Hello Ross,
Thank you for your reply. I saw that saved-objects in stack management and there was nothing about enterprise-search data. The problem I met was not about the visualizations and dashboard. When I want to define an index pattern, there is no match of .ent-search-workplace-search-analytics-ecs-ilm-logs-*.

You shouldn't have to manually define an index pattern. Importing the saved objects file should do that for you. If the analytics data simply doesn't exist in your Elasticsearch cluster, then I'd wonder if your Kibana is pointed to the same Elasticsearch cluster as your Workplace Search instance. If you're on Elastic Cloud, this should be the case by default assuming both Kibana and Workplace Search are in the same deploy.

I don't know how to verify that kibana is connected to elasticsearch correctly. I can use elastic users and passwords to login to kibana. And I can also visit workplace search from kibana. But it seems there is no data stored in elasticsearch so I can not create index patterns.

I found this message in elasticsearch.log today, maybe it can explain why there is no data.

[2021-01-12T00:03:57,277][ERROR][o.e.x.i.IndexLifecycleRunner] [master] policy [ent-search-workplace-search-content-events-ecs-ilm-logs] for index [.ent-search-workplace-search-content-events-ecs-ilm-logs-production-2021.01.04-000001] failed on step [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}]. Moving to ERROR step
org.elasticsearch.cluster.block.ClusterBlockException: index [.ent-search-workplace-search-content-events-ecs-ilm-logs-production-2021.01.04-000001] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];
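
One way to pull ILM failures like this one, together with the cluster block that caused them, out of elasticsearch.log. This is an added example, not part of the original posts. The function names are hypothetical, the first two sample lines are the ones quoted above, and the third is constructed.

```python
import json
import re

# ILM failure header written by IndexLifecycleRunner (format taken from the log quoted above).
ILM_FAIL = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[ERROR\s*\]\[[^\]]+IndexLifecycleRunner\]\s*\[(?P<node>[^\]]+)\]\s*"
    r"policy \[(?P<policy>[^\]]+)\] for index \[(?P<index>[^\]]+)\] "
    r"failed on step \[(?P<step>\{.*?\})\]"
)
# Continuation line naming the cluster block behind the failure.
BLOCK = re.compile(
    r"ClusterBlockException: index \[(?P<index>[^\]]+)\] blocked by: "
    r"\[(?P<status>[A-Z_]+)/(?P<id>\d+)/(?P<reason>[^\]]+)\]"
)

def ilm_block_failures(lines):
    """Pair each ILM failure header with the cluster block reported on the lines after it."""
    findings, current = [], None
    for line in lines:
        head = ILM_FAIL.match(line)
        if head:
            current = head.groupdict()
            current["step"] = json.loads(current["step"])  # phase / action / name
            current["block"] = None
            findings.append(current)
            continue
        if line.startswith("["):  # a new log record ends the previous stack trace
            current = None
            continue
        blk = BLOCK.search(line)
        if current and blk and blk["index"] == current["index"]:
            current["block"] = {"status": blk["status"], "id": int(blk["id"]),
                                "reason": blk["reason"]}
    return findings

def flood_stage_indices(findings):
    """Indices that are write-blocked because the disk crossed the flood-stage watermark."""
    return sorted({f["index"] for f in findings
                   if f["block"] and "flood-stage" in f["block"]["reason"]})

IDX = ".ent-search-workplace-search-content-events-ecs-ilm-logs-production-2021.01.04-000001"
SAMPLE = [
    '[2021-01-12T00:03:57,277][ERROR][o.e.x.i.IndexLifecycleRunner] [master] policy [ent-search-workplace-search-content-events-ecs-ilm-logs] for index [' + IDX + '] failed on step [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}]. Moving to ERROR step',
    'org.elasticsearch.cluster.block.ClusterBlockException: index [' + IDX + '] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];',
    '[2021-01-12T00:04:10,001][INFO ][o.e.n.Node] [master] started',  # constructed line
]

if __name__ == "__main__":
    print(flood_stage_indices(ilm_block_failures(SAMPLE)))
```

An index listed by `flood_stage_indices` accepts no new documents until the block is cleared, so events sent to it in the meantime are not recorded.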

You'll definitely want to make sure Elasticsearch isn't out of disk space. If you're on Cloud, that should be verifiable from your deployments page.

Also, can you confirm that you've connected Workplace Search to at least one Content Source and are able to search through your data in Workplace Search?

Finally, what happens when you import that saved object json file?

Hello Ross,
I have fixed the problem of disk space.
And, I have also found the missing index patterns. They were hidden! I just showed the hidden index and I saw them.
I imported the saved object json file and I can use the dashboard now.
Thank you very much for your support.

Glad to hear it!

Hello Ross,
I've been trying to do something similar but with AppSearch Analytics logs (clicks, queries, tags, etc) to access the .ent-search-app-search-analytics-ecs-ilm-logs-* data in Kibana.
I have used AppSearch Analytics UI, but I want to customize the data in a Dashboard.
What kind of changes are necessary in the saved-objects.ndjson file to load the .ent-search-app-search-analytics-ecs-ilm-logs-* indices as a Dashboard in Kibana?

I tried to change the index name and I could see the index, but the dashboard doesn't show anything (because of course things will not match just by changing the name...). I would like to understand why we have to use the saved object approach shown in the blog (first post), and which part loads the index data to be visible in Kibana?

I see also that the file contains a timestamp -> "updated_at":"2020-10-12T16:21:57.090Z"
Does this mean that I'm loading a kind of snapshot of the data up to this date?

Can anybody point me to some useful document that explains a little bit more?
(I've been searching around but I couldn't find one yet.)

Hey Patricia!

I think the analytics data between Workplace Search and App Search use different schemas and won't line up such that you could just point the saved object dashboard to App Search indices. If the analytics dashboards that come out of the box with App Search don't solve your needs, you may have to build a custom dashboard from scratch.

Meta point: this is a pretty old thread, and you'll generally have better luck attracting somebody's expertise with a new thread.

Ross

Hi Ross,
Got it, thanks for your reply!
