Why can't kibana deployed in Windows display all the data that satisfies the condition

Hello, I found that the kibana I deployed in Windows cannot display all the data that meets the criteria. When I refreshed discover in Kibana, I found that there was a new record showing, but one of the records was missing. It seems kibana displaying is unstable. Could you give me some suggestions on this issue? How do I set up kibana to stabilize the data display? Looking forward to your help. Thanks!

I can help you narrow down the problem, but you haven't provided enough details to get specific.

  • The problem is not Windows
  • Elasticsearch always takes some amount of time to index documents
  • What exactly is the problem in Discover?

Hi, my logstash keeps running as a service and it updates data every minute. If there is no new data in my database, the document count in index will not change, but the storage size is changing all the time. I guess it is because logstash keeps refreshing the data in the background, right?
There are a total of 6 records of data I want to query in discover, and these 6 records of data will not be updated in the database, sometimes I cannot see all 6 pieces of data in the discover and sometimes I can.
I created two index patterns pointing to the same index, and their time filter field names are different,but they are both data of 2020. I found that in disover, the total amount of data of the two index patterns about 2020 is different. Why?
Looking forward to your help.

Best regards
Echo

Kibana creates a time range filter against the time field you've defined, so if you are seeing different data when filtering by one time field or another, it suggests that something about the time fields is different. Have you verified that the docvalue_fields for each document show that the dates are parsed correctly?

Yes, I set the time filter in both index patterns to the same time, but the data amount of the two indexes is still different.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.