Not all the datas are returned

yasvanth · April 30, 2021, 11:10am

Hi Team,

I have ELK stack deployed using docker swarm, when I query data I couldn't retrive all the data. I have multi-tenant kibana indices such as Admin-tenant can view all the data and individual-tenant where team/ins data are available using DLS function.

My Issue is I couldn't view some group of data either on discover, dev-tools and elasticsearch curl query, but I could see the data on individual tenant. Data groups with lesser documents in indicies are not visible. Is there something on ES setting that I can update to retrive all the documents?

ES version : 7.10.1
Kibana: 7.10.1

Best,
Yash

Christian_Dahlqvist · April 30, 2021, 11:17am

How are you securing your cluster?

yasvanth · April 30, 2021, 11:31am

@Christian_Dahlqvist , Thanks for your prompt reply, Our cluster is secured using Searchguard.

Christian_Dahlqvist · April 30, 2021, 12:26pm

Then I would recommend raising the issue with them.

yasvanth · April 30, 2021, 2:06pm

Thanks for an update, I will contact the SG

system · May 28, 2021, 2:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.