Reputation: 63
Kibana displays "Searching...", displays no results. Confirmed data exists in ElasticSearch
I am trying to build a new index, but I have run into some issues in Kibana. The Discover page has displayed "Searching..." for several hours now, on just a handful of data points. I think there may be an issue with the formatting?
The indices page shows that Average, Maximum, and Minimum are all numbers, analyzed= false, indexed= true . InstanceID, MetricName,Region are all string, analyzed and indexed = True. Timestamp is a date
Does any of this indicate what the issue may be?
Edit: Additional Info from Warning: "Doc values are not enabled on this field. This may lead to excess heap consumption when visualizing" ...AND... "This is an analyzed string field. Analyzed strings are highly unique and can use a lot of memory to analyze"
Edit 2: A few notes: My mappings do not seem to be working properly.
Invoke-RestMethod "$URI/mytestindex/t2credbal" -Method post -body '{
"mytestindex": {
"mappings": {
"t2credbal": {
"properties": {
"timestamp": {"type":"date"},
"minimum": {"type":"number", "index":"no", "fielddata": { "format": "doc_values" } },
"maximum": {"type":"number", "index":"no", "fielddata": { "format": "doc_values" } },
"average": {"type":"number", "index":"no", "fielddata": { "format": "doc_values" } }
} } } } }'
When I run the command above, my fields show up as mytestindex.mappings.t2credbal.properties.timestamp, instead of just timestamp
My values are reporting in as Records.Timestamp (per the command below), with the proper field type, so I do not feel that specifying the mappings are totally necessary in my case. However, Kibana is not able to search and analyze the data, although it is listed in ElasticSearch exactly as I anticipated.
$json= {Records: [
{
"Minimum": 280.91,
"Maximum": 280.97,
"Average": 280.94416666666672,
"Timestamp": "2015-04-27T13:12:00Z",
"InstanceID": "i-65e2b951",
"MetricName": "CPUCreditBalance",
"Region": "eu-west-1"
}
Invoke-RestMethod "$URI/mytestindex/t2credbal/" -Method Post -Body $json -ContentType 'application/json'
EDIT #3
I adjusted the timestamp format to one that has worked for me in my other index; however I am getting the following errors upon trying to visualize the timestamp field:
Error: Request to Elasticsearch failed: {"error":"SearchPhaseExecutionException[Failed to execute phase [query], all shards failed; shardFailures {[S73SynuOQzW4NKbwPN7tTg][mytestindex][0]: SearchParseException[[mytestindex][0]:
query[ConstantScore(*:*)],from[-1],size[0]: Parse Failure [Failed to parse source [{\"size\":0,\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"aggs\":{\"1\":{\"date_histogram\":{\"field\":\"Records.Timestamp\",\"interval\":\"0ms\",\"pre_zone\":\"-04:00\",\"pre_zone_adjust_large_interval\":true,\"min_doc_count\":1,\"extended_bounds\":{\"min\":1430158024806,\"max\":1430158924806}}}}}]]]; nested:
ElasticsearchIllegalArgumentException[Zero or negative time interval not supported]; }{[S73SynuOQzW4NKbwPN7tTg][mytestindex][1]: SearchParseException[[mytestindex][1]: query[ConstantScore(*:*)],from[-1],size[0]: Parse Failure [Failed to parse source [{\"size\":0,\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"aggs\":{\"1\":{\"date_histogram\":{\"field\":\"Records.Timestamp\",\"interval\":\"0ms\",\"pre_zone\":\"-04:00\",\"pre_zone_adjust_large_interval\":true,\"min_doc_count\":1,\"extended_bounds\":{\"min\":1430158024806,\"max\":1430158924806}}}}}]]]; nested:
ElasticsearchIllegalArgumentException[Zero or negative time interval not supported]; }{[S73SynuOQzW4NKbwPN7tTg][mytestindex][2]: SearchParseException[[mytestindex][2]: query[ConstantScore(*:*)],from[-1],size[0]: Parse Failure [Failed to parse source [{\"size\":0,\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"aggs\":{\"1\":{\"date_histogram\":{\"field\":\"Records.Timestamp\",\"interval\":\"0ms\",\"pre_zone\":\"-04:00\",\"pre_zone_adjust_large_interval\":true,\"min_doc_count\":1,\"extended_bounds\":{\"min\":1430158024806,\"max\":1430158924806}}}}}]]]; nested:
ElasticsearchIllegalArgumentException[Zero or negative time interval not supported]; }{[S73SynuOQzW4NKbwPN7tTg][mytestindex][3]: SearchParseException[[mytestindex][3]: query[ConstantScore(*:*)],from[-1],size[0]: Parse Failure [Failed to parse source [{\"size\":0,\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"aggs\":{\"1\":{\"date_histogram\":{\"field\":\"Records.Timestamp\",\"interval\":\"0ms\",\"pre_zone\":\"-04:00\",\"pre_zone_adjust_large_interval\":true,\"min_doc_count\":1,\"extended_bounds\":{\"min\":1430158024806,\"max\":1430158924806}}}}}]]]; nested:
ElasticsearchIllegalArgumentException[Zero or negative time interval not supported]; }{[S73SynuOQzW4NKbwPN7tTg][mytestindex][4]: SearchParseException[[mytestindex][4]: query[ConstantScore(*:*)],from[-1],size[0]: Parse Failure [Failed to parse source [{\"size\":0,\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"aggs\":{\"1\":{\"date_histogram\":{\"field\":\"Records.Timestamp\",\"interval\":\"0ms\",\"pre_zone\":\"-04:00\",\"pre_zone_adjust_large_interval\":true,\"min_doc_count\":1,\"extended_bounds\":{\"min\":1430158024806,\"max\":1430158924806}}}}}]]]; nested:
ElasticsearchIllegalArgumentException[Zero or negative time interval not supported]; }]"}
at http://myurl.com/index.js?_b=5930:42978:38
at Function.Promise.try (http://myurl.com/index.js?_b=5930:46205:26)
at http://myurl.com/index.js?_b=5930:46183:27
at Array.map (native)
at Function.Promise.map (http://myurl.com/index.js?_b=5930:46182:30)
at callResponseHandlers (http://myurl.com/index.js?_b=5930:42950:22)
at http://myurl.com/index.js?_b=5930:43068:16
at wrappedCallback (http://myurl.com/index.js?_b=5930:20873:81)
at wrappedCallback (http://myurl.com/index.js?_b=5930:20873:81)
at http://myurl.com/index.js?_b=5930:20959:26
Edit #4
Fixed the timestamp format. Verified that the results are displayed as expected using the _search? syntax. Completely blew out and recreated my index, verified that all field names and types are correct. The Discover screen now displays "no results" instead of "Searching...". When I change the time interval from 15 minutes to any other value, I get the following:
Discover: Cannot read property 'indexOf' of undefined
TypeError: Cannot read property 'indexOf' of undefined
at Notifier.error (myurl/index.js?_b=5930:45607:23)
at Notifier.bound (myurl/index.js?_b=5930:32081:21)
at myurl/index.js?_b=5930:118772:18
at wrappedCallback (myurl/index.js?_b=5930:20873:81)
at myurl/index.js?_b=5930:20959:26
at Scope.$eval (myurl/index.js?_b=5930:22002:28)
at Scope.$digest (myurl/index.js?_b=5930:21814:31)
at Scope.$apply (myurl/index.js?_b=5930:22106:24)
at done (myurl/index.js?_b=5930:17641:45)
at completeRequest (myurl/index.js?_b=5930:17855:7)
Upvotes: 0
Views: 2130
Answers (1)
Reputation: 63
I was able to resolve the issue by correcting the date format in ElasticSearch. The Powershell convertto-json command in my script was converting a timestamp object to a date format that did not cooperate with Kibana. After setting the date format to yyyy-MM-hhThh:mm:ss , the issue of never-ending "Searching..." went away, but new problems arose.
Will be posting that issue separately.
Upvotes: 2
Related Questions
- Kibana doesn't show any results in "Discover" tab
- Failing to match/search in an index
- Kibana not showing some of the documents from elasticsearch - even though they exist
- Field exists (_exists_) query in Kibana does not return any results
- No results found on kibana -> discover
- Kibana not showing any data from Elasticsearch
- Kibana not populating results
- Documents and timestamp exists, but Kibana doesn't show any results in "Discover" tab
- Kibana doesn't see any of my data
- Kibana4 not showing any results