No new data shown in Kibana


#1

First: I'm sure this topic comes up frequently, but all my searching has been fruitless.

I cannot seem to get Kibana to reflect what is in my indices. Forget live (15 minutes) data, I can't even get it to show the current day's worth of data. I rebuilt my whole environment over the last couple of days and finally fired it up mid-afternoon. It was never current, but it did manage to show data, right up until just after 10PM when it stopped. No new data since then.

In looking at my Elasticsearch index for today, iis-2017.05.11, I see it has over 900K documents. I'm at a complete loss for why I cannot search these in Kibana.

I'm sure it's something simple, and will be obvious to someone else. Please help, and thank you!

Specs:
(all latest versions)
Filebeat -> REDIS/LOGSTASH -> ELASTICSEARCH (cluster w/ 2 ingest nodes) <- KIBANA (w/ non-master ES node)

Configurations, screenshots, etc. available upon request.


(Lukas Olson) #2

What is your index pattern configuration? Are you using a time field for your index pattern?


#3

Hello Lukas,
Please correct me if I'm not providing an accurate reply to your question.

Management/Kibana

iis-*

Configured time field: @timestamp


#4

Something interesting occurred. I started Filebeat on a few more servers around 12PM and restarted the redis/logstash instance they are pointed to. Kibana is now showing data from today, but logged as midnight.

@timestamp May 11th 2017, 12:01:50.000

message 2017-05-11 16:01:50

I would understand the 4 hour difference for a noon timestamp, but it seems like this is a midnight timestamp.

From my Logstash conf:

    date {
        match => [ "log_timestamp", "YYYY-MM-dd HH:mm:ss" ]
        timezone => "Etc/UTC"
    }

    mutate {
        remove_field => [ "log_timestamp" ]
    }
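
An added example, not part of the original posts: a Python sketch of how the timezone given to the Logstash date filter determines the stored @timestamp, what Kibana then displays in the browser's zone on a 24-hour clock, and whether the event lands inside a relative range such as "Last 15 minutes". The function names, the UTC-4 browser offset, the assumption that the source log is written in UTC, and the "now" value are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

LOG_FORMAT = "%Y-%m-%d %H:%M:%S"   # same layout as "YYYY-MM-dd HH:mm:ss" in the post
OUT_FORMAT = "%Y-%m-%d %H:%M:%S"   # 24-hour clock

def stored_timestamp(log_ts, filter_offset_hours):
    """UTC instant indexed as @timestamp when the date filter treats log_ts
    as wall-clock time at the given UTC offset (0 corresponds to Etc/UTC)."""
    tz = timezone(timedelta(hours=filter_offset_hours))
    return datetime.strptime(log_ts, LOG_FORMAT).replace(tzinfo=tz).astimezone(timezone.utc)

def kibana_display(ts_utc, browser_offset_hours):
    """Render @timestamp the way a browser at the given UTC offset shows it."""
    tz = timezone(timedelta(hours=browser_offset_hours))
    return ts_utc.astimezone(tz).strftime(OUT_FORMAT)

def diagnose(log_ts, true_offset, filter_offset, browser_offset, now_utc, window):
    """Compare what the filter stores with the true instant of the event."""
    ts = stored_timestamp(log_ts, filter_offset)
    truth = stored_timestamp(log_ts, true_offset)
    return {
        "stored_utc": ts.strftime(OUT_FORMAT),
        "displayed": kibana_display(ts, browser_offset),
        "skew_hours": (ts - truth).total_seconds() / 3600,
        # A relative range covers [now - window, now]; documents stamped in
        # the future or too far in the past are excluded from the results.
        "visible": now_utc - window <= ts <= now_utc,
    }

# Constructed sample: the log line from the post, "now" a few minutes later.
NOW = datetime(2017, 5, 11, 16, 5, 0, tzinfo=timezone.utc)
WINDOW = timedelta(minutes=15)

if __name__ == "__main__":
    for label, filter_offset in [("filter=UTC", 0), ("filter=UTC-4", -4), ("filter=UTC+4", 4)]:
        print(label, diagnose("2017-05-11 16:01:50", 0, filter_offset, -4, NOW, WINDOW))
```

With the filter set to UTC, the 16:01:50 log line is stored unchanged and shown as 12:01:50 in a UTC-4 browser; either wrong offset skews the stored value by four hours and drops the event out of the 15-minute range.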