We have 3 separate ES clusters, all at the same ES (2.2+) and Kibana (4.4.1 - build 9693) versions. All 3 Kibana configurations are set to use their respective Discover tabs as the default app to load, and no customization of any settings has taken place in any clusters Kibana instance. Issue is that one of the Kibana instances loads the events in the Discover tab in "oldest first" order of events (meaning the oldest events in the 15 min default interval are at the top and get more recent as you scroll down). The other 2 load with the newest events first - which through all our testing, upgrading, etc. has been the default in any Kibana version we've installed.
This "reverse order" causes an issue when you try to filter a field via the magnifying glasses, where we receive the following error:
Fatal Error: Courier Fetch: Unable to start request because it has already started. (This issue is currently discussed in issue #5828 in Github.)
What I've noticed is that since it takes a while for all 500 events to load in the window (the default is 500), you will receive this error if you try to filter via magnifier before all the events are loaded. However, this behavior (the courier fetch error) does NOT occur when the events load in newest first order.
Sooooooo...... How do we force Kibana to load the event in newest first order?
Our Kibana configs for these 3 clusters are identical except for things like IP addrs, cert names, shield encryption keys, etc.