i am using ELK GA 5.0.0, and I use httpbeat for Logsash API calls. I have it's index like below;
yellow open httpbeat-2017-02-07 Py2UnWmmQE6vOj7sBs7iwg 5 1 688 0 433.1kb 433.1kb
I have a single elasticsearch node and all of my other indices are working fine. When I list indices using http://localhost:9200/_cat/indices?v it shows docs.count as 688, but when I open Kibana, it is showing only 172 hits;
This is nothing to worry about. httpbeat uses a feature called nested documents - which are kidn of subdocuments inside of a document. So that when indexing one JSON document, internally thee are actually several documents stored in lucene. This is the discrepancy. The _cat API counts by lucene document, kibana by query result.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
