"no results found" in Kibana Dashboard with filebeat & elastic search

Elastic Stack Kibana
1

Hi I am absolutely new to elastic stack. I just installed and configured filebeat, elastic search and Kibana for Apache logging.

I went through the steps as described in "Getting Started with Filebeat" and reached "Step 6. View the sample Kibana Dashboards" ( https://www.elastic.co/guide/en/beats/filebeat/current/view-kibana-dashboards.html ) Elastic search is running correctly and Kibana and filebeat are started as well.

In the "Discover" panel I see the raw data, then I go to "Dashboard", select the Filebeat Apache
ECS dashboard and can see the dashboard, however in the charts I get "no results found".

Do I have to configure the metrics in order to get the visualisations (there is no hint in the help documentation...)?

2

Perhaps no data exists for the time range in the Dashboard (I think the default is the last 15 minutes)? Maybe you need to expand the time range?

3

I have set the data range to "last 10 days".

Here the raw data:

2019-07-30%2010_56_42-kibana%20raw%20data
2019-07-30 10_56_42-kibana raw data.png1894×875 153 KB

And here the dashboard:

2019-07-30%2011_15_02-Kibana%20Dashboard
2019-07-30 11_15_02-Kibana Dashboard.png1889×917 213 KB

So, I got stuck here in the last step of my evaluation...

Please help...

4

Hi Sergio, what are the values for event.dataset in your data? Does it match mine?

Screenshot_2019-07-30%20Discover%20-%20Kibana
Screenshot_2019-07-30 Discover - Kibana.png394×1312 45.1 KB

5

Hi Nick,

thank you for asking me. Yes I have these fields.

2019-08-05%2012_48_45-Available%20FIelds
2019-08-05 12_48_45-Available FIelds.png612×1156 57.2 KB

I actually just want to display the log messages in a more readable way than they are shown in the Discover panel. I do not need special charts. Just the log lines with some red colored keywords like ERROR for better readability.

I appreciate your help.

6

Discover is useful for exploring data when creating your own visualizations. The Visual Builder (TSVB) has some useful customizations for coloring text based on data. Here's a great video showing how you can customize a TSVB visualization.

1 Like
7

Thank you!

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.