In the elastic index there are documents in which there are json-arrays.
With the help of logstash, can split this array.
Those several copies of documents with separated fields from the array were obtained.
In the index of the pattern, these fields have the properties of aggregation and search.
The problem is that it is not possible to visualize and search for split fields.
Error in any visualization No results found. And in the disсovery panel documents with fields are visible.
What could be the reason?
Hey @1862347ba9566e72a47d, I'm having trouble following the issue that you're experiencing. Can you include a few sample documents from Elasticsearch?
You might want to try to refresh your index pattern in Kibana if you've recently changed the fields of the documents in Elasticsearch. If you go to Management -> Index Patterns and then click the "Refresh" button highlighted below, this will update the index pattern:
Are you using a "time field" with your index pattern? You can determine this via the Index Patterns Management screen as well, do you see a row with the "clock" icon next to it, which I've highlighted below?
When you have a time field in your index pattern, the time filter in the upper right corner filters which data is displayed in Kibana, have you tried changing this to a large time frame, for example the "Last 5 Years"?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.