
Kibana not showing some of the documents from elasticsearch - even though they exist

I have an Elasticsearch and Kibana setup. I'm sending documents to Elasticsearch and get back a 201 Created, and when I query the id of the document directly (curl to the Elasticsearch API) I get back the result:

# curl elasticsearch.metrics:9200/falco/_doc/1559716938212262231-1
{"_index":"falco","_type":"_doc","_id":"1559716938212262231-1","_version":1,"_seq_no":1096,"_primary_term":1,"found":true,"_source":{ "priority": "Info", "output": "test", "rule": "test", "output_fields": { "test": "test", "evt.time": "1559716938212262231" }}}

However, this document (and many others) does not appear in Kibana.

That's not to say that nothing appears in Kibana: I do see some of the documents there, and even documents newer than my test appear.

Why might that be?

In order to display documents in the Discover tab, for example, Kibana narrows down to all documents within the selected time range in the time picker (upper right corner). You also have an index pattern selected, which has a time field defined (@timestamp in most cases).

So Kibana searches for documents with a value within the selected time range in the configured time field for the currently selected index pattern.

If your data lacks an @timestamp field, you can easily create a different index pattern using a different date field present in all of your docs. If there's none, consider enriching your documents with one.
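The answer's two points, Kibana only showing documents whose index-pattern time field falls inside the time picker range, and enriching documents that have no such field, can be made concrete with the document from the question. The following Python is an added example and is not code from the original question or answer. It assumes the Falco-style layout shown in the question's _source (an output_fields.evt.time value in nanoseconds since the epoch) and derives an @timestamp from it; the sample document is constructed from that _source, and the Discover filter is a simplified model of Kibana's range query, not Kibana's own code.

```python
from datetime import datetime, timedelta, timezone
import json

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed from the _source shown in the question; it has no @timestamp,
# only a nanosecond epoch value under output_fields.evt.time.
SAMPLE_DOC = {
    "priority": "Info",
    "output": "test",
    "rule": "test",
    "output_fields": {"test": "test", "evt.time": "1559716938212262231"},
}

# Assumed index mapping so Elasticsearch indexes @timestamp as a date,
# which is what a Kibana index pattern needs as its time field.
INDEX_MAPPING = {"mappings": {"properties": {"@timestamp": {"type": "date"}}}}


def epoch_ns_to_datetime(value):
    """Convert an epoch-nanoseconds value (int or numeric string) to an aware UTC datetime.

    Integer arithmetic is used on purpose: 19-digit nanosecond values lose
    precision if converted through a float.
    """
    ns = int(value)
    return EPOCH + timedelta(seconds=ns // 10**9, microseconds=(ns % 10**9) // 1000)


def enrich_with_timestamp(doc, source_field="evt.time"):
    """Return a copy of doc with an ISO-8601 @timestamp (millisecond precision, UTC).

    An existing @timestamp is left untouched. If neither @timestamp nor
    output_fields[source_field] is present, raise rather than index a document
    Kibana would silently never show.
    """
    enriched = dict(doc)
    if "@timestamp" in enriched:
        return enriched
    fields = enriched.get("output_fields", {})
    if source_field not in fields:
        raise ValueError(f"document has no @timestamp and no output_fields.{source_field}")
    ts = epoch_ns_to_datetime(fields[source_field])
    enriched["@timestamp"] = ts.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    return enriched


def in_kibana_time_range(doc, time_field, start, end):
    """Simplified model of Kibana Discover: a document is listed only if the
    index pattern's time field exists on it and its value lies in [start, end].
    A document without the field is excluded, which is the symptom in the question."""
    value = doc.get(time_field)
    if value is None:
        return False
    ts = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    return start <= ts <= end


if __name__ == "__main__":
    window_start = datetime(2019, 6, 5, tzinfo=timezone.utc)
    window_end = datetime(2019, 6, 6, tzinfo=timezone.utc)
    print("raw doc visible:     ", in_kibana_time_range(SAMPLE_DOC, "@timestamp", window_start, window_end))
    enriched = enrich_with_timestamp(SAMPLE_DOC)
    print("enriched doc visible:", in_kibana_time_range(enriched, "@timestamp", window_start, window_end))
    print(json.dumps(enriched, indent=2))
    print(json.dumps(INDEX_MAPPING))
```

Run it and the raw document is reported as not visible while the enriched one is, because the only date-like value in the original lives under output_fields.evt.time as an epoch-nanosecond string, which Kibana cannot use as a time field. Applying the mapping before indexing (or building an index pattern on whichever date field all documents actually carry, as the answer suggests) is what makes the documents show up in Discover.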
