Number of indices displayed in Kibana is different from Elasticsearch's number of idices

elasticheart · February 7, 2017, 11:59am

Hi,

i am using ELK GA 5.0.0, and I use httpbeat for Logsash API calls. I have it's index like below;

yellow    open    httpbeat-2017-02-07    Py2UnWmmQE6vOj7sBs7iwg    5    1    688    0    433.1kb    433.1kb

I have a single elasticsearch node and all of my other indices are working fine. When I list indices using http://localhost:9200/_cat/indices?v it shows docs.count as 688, but when I open Kibana, it is showing only 172 hits;

Why is this happening and how can I fix this?

Thanks in advance..

spinscale · February 7, 2017, 12:41pm

This is nothing to worry about. httpbeat uses a feature called nested documents - which are kidn of subdocuments inside of a document. So that when indexing one JSON document, internally thee are actually several documents stored in lucene. This is the discrepancy. The _cat API counts by lucene document, kibana by query result.

elasticheart · February 7, 2017, 12:43pm

Thanks @spinscale for the information

Topic		Replies	Views
Different number of documents Elasticsearch vs Kibana Elasticsearch	3	754	July 5, 2017
Kibana hits are different from docs.count Kibana	5	1906	July 6, 2017
Kibana count and elasticsearch count are different Kibana	3	364	August 6, 2020
Docs count in elasticsearch and hits in kibana don't match Kibana	3	2062	July 6, 2017
Number of documents in a Kibana search does not match Elasticsearch Kibana	5	307	September 3, 2024

Number of indices displayed in Kibana is different from Elasticsearch's number of idices

Related topics