Hi all,
I'm new to ELK Stack, I have it installed on Ubuntu 16.04 and I'm also using packetbeat. I have packetbeat capture data through a tap and then, send it to logstash, then to elasticsearch. The data is coming in nicely but, I'm getting this error on my Kibana and the Packetbeat dashboard isn't showing anything. Not really sure what the issue is.
Is it because my packet capture doesn't have all the required data?
Thanks in advance!
What version of Kibana and elasticsearch are you using?
Just successfully repro'ed in master. Filed an issue so you can track further progress here: https://github.com/elastic/kibana/issues/9571
Hi @zacesa,
This issue could be if your packetbeat index has no data, which is why I was seeing it. As soon as data started coming in, I refreshed the packetbeat field list and everything works as expected.
If you are still seeing this issue, let me know if refreshing the field list in Management helps, and if all fields have a type assigned to them.
@Stacey_Gammon I have data coming in, I've also refreshed the field list but, I'm still getting the error.
I deleted my index pattern from Kibana, thinking I could readd it back and hopefully fix this issue but I just made it worse, now when I click management, all I get is a blank page.
After I deleted the index pattern from kibana, a new index came up in my elastic search when I ran, curl -XGET localhost:9200/_cat/indices
yellow open %{[@metadata][beat]}-2016.12.21 GqdmtZmhS4mZ5zyfTCNH2g 5 1 183613 0 67.9mb 67.9mb
I can't seem to delete this index since there's curly brackets in the name of the index.
UPDATE: Managed to delete the index with curl -XDELETE localhost:9200/*metadata* but, I'm still getting blank pages on Kibana. The pages I get blank are, Discover, Visualize, Dashboard, Dev Tools, Management.
UPDATE 2: Deleting packetbeat-* and *metadata* using curl didn't fix the issue, but running curl -XDELETE localhost:9200/_all fixed the blank screens. Will be trying to get data back in again.
I didn't touch my ELK for a day and when I come back, it suddenly created two other indexes again.
Not sure what the issue is.
UPDATE: I had to change the index for output from my logstash from %{[@metadata][beat]}-%{+YYYY-MM-DD} to packetbeat-%{+YYYY.MM.dd} to stop it from create the metadata index.
When I refresh the field list from management, the Packetbeat Dashboard which used to work, will cease to work.
Did you manually add that to your logstash config? I don't think the import_dashboards script would have created that index. I did find that pattern in our beats codebase but it looks like it's only for testing purposes. Are you running any tests?
Next time you get a blank page, let me know if you see any error output in the developer console of your browser. I suspect the issue was because you deleted your default index. You have to go to Management and select another index as the default. There have been some reported issues that sound similar to yours around this scenario (see Allow to redefine the default index when not found · Issue #9028 · elastic/kibana · GitHub and Kibana does not open well if the default index does not exist · Issue #8702 · elastic/kibana · GitHub).
I'm still not sure why the packetbeat dashboard wouldn't work after refreshing the field list. Which version of the stack are you running? 5.1.1?
@zacesa I suspect that a field in one of the visualizations in the dashboard is missing it's type.
If you go to Management and sort by type, do you have any fields missing a type? If so, are any of these fields being used in the visualizations on the dashboard that is throwing the error?
If you click edit to edit the field, then choose the appropriate type for the field, and save it, I think that should force the type field to be filled in. Let me know if that helps at all.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
