No results in Kibana search

azamf · November 8, 2022, 2:08am

I'm trying to search against an existing index but the request yields no results. I know there is data since other users can see the index and view data in the same time frame.

I am able to view data in most indices in Kibana instance, but a few indices seem to be 'unsearchable' and give no results.

I'm new to Kibana so I may be missing something obvious. Any help would be hugely appreciated.
Some useful info:

The index does have a @timestamp field and is searchable
Other users can run the same request and can view the data in the index
I have the kibana_system built-in user role.

The request:

{
  "track_total_hits": false,
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "unmapped_type": "boolean"
      }
    }
  ],
  "fields": [
    {
      "field": "*",
      "include_unmapped": "true"
    },
    {
      "field": "@timestamp",
      "format": "strict_date_optional_time"
    }
  ],
  "size": 500,
  "version": true,
  "script_fields": {},
  "stored_fields": [
    "*"
  ],
  "runtime_mappings": {},
  "_source": false,
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "range": {
            "@timestamp": {
              "format": "strict_date_optional_time",
              "gte": "2022-08-09T14:00:00.000Z",
              "lte": "2022-11-08T02:06:04.033Z"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  },
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {}
    },
    "fragment_size": 2147483647
  }
}

warkolm · November 8, 2022, 2:24am

Welcome to our community!

So you're looking for all data in this range? Where are you doing this, in Discover or in a Dashboard?

azamf · November 8, 2022, 2:27am

Yes, Looking for data of September through October. I'm searching it in Discover.

warkolm · November 8, 2022, 2:40am

Can you run that query in Run API requests | Kibana Guide [8.5] | Elastic and see what it outputs?

azamf · November 8, 2022, 2:54am

This is the result when running it against e.g. (my-index-*)

{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 0,
    "successful": 0,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "max_score": 0,
    "hits": []
  }
}

But interestingly, running it against a single index, e.g (my-index-dev) gave this error

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "action [indices:data/read/search] is unauthorized for user [my-username] with roles [Dev,QA,kibana_system,Support] on indices [my-index-dev], this action is granted by the index privileges [read,all]"
      }
    ],
    "type" : "security_exception",
    "reason" : "action [indices:data/read/search] is unauthorized for user [my-username] with roles [Dev,QA,kibana_system,Support] on indices [my-index-dev], this action is granted by the index privileges [read,all]"
  },
  "status" : 403
}

I think I've found the issue. Thank you!

azamf · November 8, 2022, 3:09am

After adding myself in the relevant group with permissions to read the indices in my-index-*, I was able to view the data in the index.

Thank you @warkolm!

system · December 6, 2022, 3:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Not able to search on indexed fields in Kibana Kibana	7	1681	July 6, 2017
Kibana - No results match your search criteria Kibana	2	284	August 24, 2023
No results match your search criteria Kibana	2	2490	March 31, 2022
"No results match your search criteria" error while there is data Kibana	16	18837	October 1, 2019
Kibana Discover - No results found :\| Kibana	15	13152	July 6, 2017

No results in Kibana search

Related Topics