So I have logstash, elasticsearch, kibana, an apm server, an apm client, and an apm RUM client all running with the correct settings however when I click the "Setup Kibana" and attempt to view transaction details:
I haven't done anything strange to my setup, I'm using the official docker images. Also, to be clear, I know how to solve the individual issue, but this feels like something I shouldn't have to drop into to fix since 5.X.Y worked just fine?
Sorry to hear about the bugs you are running into. What version of Kibana and APM Server are you using, and what steps do you take to resolve the error message that shows up when expanding the window in Discover?
I believe this has solved my issue, however I'm currently experiencing "1 of 7 shards failed" error, which I believe is something else. I appreciate the help here!
The apm index template should actually make those keyword fields, so something isn't lining up for your apm-server setup --template command (probably setup.template.pattern) or you need to recreate those indices after installing the index template, so the mapping is applied when the index is created.
Excellent, then that's probably the issue here. The default index pattern is apm-6.x.y-* - it appears you've changed your indices to write to apm-server-*, which won't match the default and therefore not have that mapping applied when the index is created. Changing setup.template.pattern='apm-server-6.x.y-*' would address that, assuming you have retained the version number in your indices, which we highly recommend you do. If possible, I'd recommend switching to the default indices and index pattern as laid out in the docs and blog post referenced previously.
Sorry for the trouble @krainboltgreene. apm-server is coming from [@metadata][beat] - this issue tracks the source of that confusion. You can add a condition in the logstash ([@metadata][beat] == apm-server) and set the index to apm-%{[@metadata][version]}-%{+YYYY.MM.dd} accordingly.
Okay, so I've now modified my logstash configuration so that it creates the index as per the pattern above. I've renamed old indexes as well and I've rebuilt my index and dashboards. Interestingly when I look at the individual transaction in the discover panel (processor.event:"transaction" AND transaction.id:"aa916d668cd6ae8f" AND trace.id:"6baffb6dada15e95e08b5051279c0afc") I get this warning:
@krainboltgreene I missed your last post - I've seen that issue when a document in the APM index doesn't have a scripted field that is expected. Please let us know if you come across it again and we can try to track that down.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.