Not able to search on indexed fields in Kibana

richag · May 19, 2016, 12:24pm

Hi

I am using elasticsearch 2.1.2 version and Kibana 4.2.2 version.
I had a index in ES using below:
curl -XPUT http://localhost:9200/abc/tbl/_mapping -d'{
"tbl": {
"_timestamp": {
"enabled": true
},
"_all": {
"store": true
},
"properties": {
"name": {
"type": "string",
"index": "not_analyzed"
},
"num": {
"type": "long"
},
"date": {
"type": "date",
"format": "yyyy-MM-dd"
}
}
}
}'

and it is having indexed data and also data is mapped to Kibana. Please see snapshot:

and when I scroll to Discover page it shows no indexed field to search..

Why? Am I doing something wrong? Help me.

dr_rock · May 19, 2016, 12:41pm

What do you get when you run the following query ?

POST http://localhost:9200/abc*/_search 
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-1w/d",
        "lt": "now/d"
      }
    }
  }
}

richag · May 20, 2016, 3:35am

{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 7,
"max_score" : 1.0,
"hits" : [ {
"_index" : "abc",
"_type" : "tbl",
"_id" : "573da47b9616b62160765597",
"_score" : 1.0,
"_timestamp" : 1463657777257,
"_source":{"num": 20.0, "name": "ankit"}
},
..........[other indexed data]
, {
"_index" : "abc",
"_type" : "tbl",
"_id" : "573da4b59616b6216076559a",
"_score" : 1.0,
"_timestamp" : 1463657777257,
"_source":{"num": 20.0, "name": "praveen"}
} ]
}
}
curl: (3) [globbing] nested brace in column 15

dr_rock · May 20, 2016, 12:14pm

Sorry for typo, the query was (date instead of @timestamp) :

POST http://localhost:9200/abc*/_search 
{
  "query": {
    "range": {
      "date": {
        "gte": "now-1w/d",
        "lt": "now/d"
      }
    }
  }
}

Anyway, according to your answer, it seems that :

you are using _timestamp field which is deprecated
your data does not contain any date field

When you added your index in kibana, what were the date fields that were proposed to you?

richag · May 24, 2016, 5:00am

I had a date field (as name and num) but there is no data in it. Now I added some data and following your query output is:
{
"took" : 3,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 5,
"max_score" : 1.0,
"hits" : [ {
"_index" : "abc",
"_type" : "tbl",
"_id" : "5743dd5087675117e31d9529",
"_score" : 1.0,
"_timestamp" : 1464065500396,
"_source":{"date": "2016-01-17", "num": 25.0, "name": "xyz"}
}, {
"_index" : "abc",
"_type" : "tbl",
"_id" : "5743dd8887675117e31d952c",
"_score" : 1.0,
"_timestamp" : 1464065500396,
"_source":{"date": "2016-03-04", "num": 23.0, "name": "abc"}
} ]
}
}

In kibana I used date as date field and it is shown in screenshot shared previously.
Also I know _timestamp field is depricated but using ES mapping I forced it to have a value which is shown in ouput.

richag · May 26, 2016, 4:12am

Waiting for response..

dr_rock · May 27, 2016, 9:54pm

Are you sure that you have executed the exact query below?

POST http://localhost:9200/abc*/_search 
{
  "query": {
    "range": {
      "date": {
        "gte": "now-1w/d",
        "lt": "now/d"
      }
    }
  }
}

It is quite surprising to get result with date value 2016-01-17 with this query...

Topic		Replies	Views
Not able to search on indexed fields Kibana	1	498	July 6, 2017
No results in Kibana search Kibana	6	170	December 6, 2022
Documents are stored on elasticsearch, can be checked via query, but Kibana does not find it in the discovery tab Kibana	5	848	June 30, 2020
Kibana unable to query index data from ES Kibana	11	277	May 14, 2021
Many fields not searchable after upgrade Kibana	4	747	March 27, 2019

Not able to search on indexed fields in Kibana

Related Topics