Sample Dashboards broken with ES 5.2

jochen_st · February 3, 2017, 1:10pm

After upgradeing KIbana and Elasticsearch 5.2 from 5.1.2, the sample winlogbeat dashboards / visualizations provided from https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-5.1.2.zip do not work anymore.

Kibana displays the following error:

Error: [illegal_argument_exception] [terms] exclude doesn't support values of type: START_OBJECT
ErrorAbstract@http://andrews.el.wdw-elab.de:5601/bundles/kibana.bundle.js?v=14695:13:30086
StatusCodeError@http://andrews.el.wdw-elab.de:5601/bundles/kibana.bundle.js?v=14695:14:571
respond@http://andrews.el.wdw-elab.de:5601/bundles/kibana.bundle.js?v=14695:14:6928
checkRespForFailure@http://andrews.el.wdw-elab.de:5601/bundles/kibana.bundle.js?v=14695:14:6156
AngularConnector.prototype.request/<@http://andrews.el.wdw-elab.de:5601/bundles/kibana.bundle.js?v=14695:1:24745
processQueue@http://andrews.el.wdw-elab.de:5601/bundles/commons.bundle.js?v=14695:38:23621
scheduleProcessQueue/<@http://andrews.el.wdw-elab.de:5601/bundles/commons.bundle.js?v=14695:38:23888
$RootScopeProvider/this.$get</Scope.prototype.$eval@http://andrews.el.wdw-elab.de:5601/bundles/commons.bundle.js?v=14695:39:4607
$RootScopeProvider/this.$get</Scope.prototype.$digest@http://andrews.el.wdw-elab.de:5601/bundles/commons.bundle.js?v=14695:39:2343
$RootScopeProvider/this.$get</Scope.prototype.$apply@http://andrews.el.wdw-elab.de:5601/bundles/commons.bundle.js?v=14695:39:5026
done@http://andrews.el.wdw-elab.de:5601/bundles/commons.bundle.js?v=14695:37:25016
completeRequest@http://andrews.el.wdw-elab.de:5601/bundles/commons.bundle.js?v=14695:37:28702
createHttpBackend/</xhr.onload@http://andrews.el.wdw-elab.de:5601/bundles/commons.bundle.js?v=14695:37:29634

It looks like the query part from visualization Event-Levels is no longer compatible:

"aggs": {
"2": {
  "terms": {
    "field": "source_name",
    "exclude": {
      "pattern": "\"\""
    },
    "size": 7,
    "order": {
      "_count": "desc"
    }
  }

Downloading and installing the latest beats-dashboards-5.2.0.zip did not help either.

Kindly suggest. Regards
Jochen

jochen_st · February 6, 2017, 8:24am

Issue seems to be caused by https://github.com/elastic/elasticsearch/issues/22933

Fix is to replace

"exclude": {"pattern": "\"\""},

with

"exclude": "\"\"",

in the affeccted visualisations (Event-Levels.json and Evolution-of-the-CPU-times-per-process.json)

monica · February 6, 2017, 8:43am

Thank you for investigating the problem. We were also able to reproduce it for Winlogbeat. Can you please open an issue in GitHub as this will affect all 5.2 releases?

jochen_st · February 6, 2017, 8:54am

opened https://github.com/elastic/beats/issues/3533, thank you @monica

system · March 6, 2017, 8:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.