This field is present in your elasticsearch mapping but not in any documents in the search results. You may still be able to visualize or search on it

gentitope · September 5, 2016, 2:13pm

This can be frustrating! i have googled this all my day without a solution.
I trying to parse grok field into ES and i have this message "This field is present in your elasticsearch mapping but not in any documents in the search results. You may still be able to visualize or search on it."

someone help out.

jimczi · September 5, 2016, 2:22pm

This is a Kibana related questions so you should post this question in the appropriate forum. Regarding the meaning of the message:
Kibana has a discovery function that tries to discover which fields are present in your collections. To do so it analyzes the first results and checks the fields that are present or missing in the top documents. One field in your mapping is not present in the first documents that show up in the discovery tab so it appears as a missing field. I don't think it causes any problem since as the message says you can still visualize or search on it.

Topic		Replies	Views
KIBANA:This field is present in your elasticsearch mapping but not in any documents in the search results. You may still be able to visualize or search on it Kibana	3	12064	July 6, 2017
New field is present in the index but not in the Discover tab Kibana	3	338	December 21, 2018
Fields are displayed as hidden in Kibana Kibana	5	6466	May 7, 2017
Field is present but missing Logstash	4	367	November 14, 2018
Fields are unknown in de discovery tab kibana and unable to make visualization of field Kibana	4	1539	August 30, 2021

This field is present in your elasticsearch mapping but not in any documents in the search results. You may still be able to visualize or search on it

Related topics