Reputation: 387
Log created by custom watcher by "indexing action" , not visible in kibana observability log/stream
I have made a custom watcher with indexing action.
For this i created a index watcher-index using
PUT /watcher-index
{
settings:{
number_of_shards:3,
number_of_replicas:1
},
"mappings":{
"_default_":{
"@timestamp":{
"enabled":true,
"store":true
}
}
}
}
I mentioned in particular that @timestamp should be a default field. Now I mentioned the same in watcher definition -
{
"actions":{
"index":{
"index":"watcher-index"
}
}
}
Action runs successfully and document is created as I can see by GET /watcher-index/_search. However, it does not display in kibana observability log/stream. A GET /watcher-index/_search{"query":{"match":{"field":"@timestamp"}}} returns 0 hits:[]. How can I solve this issue? I am using version-8.6.2.
Upvotes: 0
Views: 385
Answers (1)
Reputation: 3580
Your query is looking for field name field and the value @timestamp.
Check with the following.
GET /watcher-index/_search
{
"query": {
"exists": {
"field": "@timestamp"
}
}
}
If you want to see your data in the observability section the index name needs to start with the following parameters.
logs-*,filebeat-*,kibana_sample_data_logs*
You can update it with the observability settings.
Upvotes: 0
Related Questions
- Elasticsearch: how to find a document by number in logs
- ElasticSearch REST API Aggregating Text Field
- Elastic Watcher not returning results
- No results match your search criteria in kibana with timestamp
- Change type and reindex in Elasticsearch
- Kibana displays "Searching...", displays no results. Confirmed data exists in ElasticSearch
- Timestamps and documents are not detected in Kibana
- Elasticsearch client NEST not storing timestamp