0

I have set up an index in elasticsearch, included its mapping have some data. When I make the GET request, I can check the contents as follows:

{
  "took": 5,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "failed": 0
  },
  "hits": {
    "total": 9,
    "max_score": 1,
    "hits": [
      {
        "_index": "flights",
        "_type": "yatra",
        "_id": "AU5tQ5QxEVKx_FDBBqf9",
        "_score": 1,
        "_source": {
          "go_duration": 13.5,
          "return_arrival_time": "2015-09-26 09:55:00",
          "go_arrival_city": " NRT ",
          "return_departure_city": "NRT",
          "cost": 44594,
          "return_duration": 11.5,
          "_timestamp": "2015-07-08T19:43:42.254412",
          "return_departure_time": "2015-09-25 18:40:00",
          "return_arrival_city": " PNQ ",
          "go_departure_time": "2015-09-16 20:00:00",
          "go_arrival_time": "2015-09-17 13:20:00",
          "airline": "Jet Airways",
          "go_departure_city": "PNQ"
        }
      },
      {
        "_index": "flights",
        "_type": "yatra",
        "_id": "AU5tRPJuEVKx_FDBBqgF",
        "_score": 1,
        "_source": {
          "go_duration": 13.5,
          "return_arrival_time": "2015-09-26 09:55:00",
          "go_arrival_city": " NRT ",
          "return_departure_city": "NRT",
          "cost": 44594,
          "return_duration": 11.5,
          "_timestamp": "2015-07-08T19:45:11.917928",
          "return_departure_time": "2015-09-25 18:40:00",
          "return_arrival_city": " PNQ ",
          "go_departure_time": "2015-09-16 20:00:00",
          "go_arrival_time": "2015-09-17 13:20:00",
          "airline": "Jet Airways",
          "go_departure_city": "PNQ"
        }
      }
    ]
  }
}

Now, I have also configured kibana to use with ElasticSearch. Following is the snapshot from kibana. Kibana Settings tab

I created a "_timestamp" field in Settings->Advanced->metaFields. So I created the new index with "_timestamp" field and " Index contains time-based events" field checked . I have set the timestamp to "Last 60 days". But I still cannot see the data. What am I missing?

kosta
  • 4,302
  • 10
  • 50
  • 104
  • Why have you added that `_timestamp` field, that belongs to `_source` (so, it's not the usual `_timestamp`), to the meta-fields list? That is a normal field, not a `meta` one. – Andrei Stefan Jul 08 '15 at 12:58
  • I remove the `_timestamp` field from `metaFields` list and I can see some results. However, I want the X-axis to be the `timestamp` field and then draw a `bar-chart` with `cost` as the Y-axis. How can I do that? Sorry if its diverting from the original question. – kosta Jul 08 '15 at 14:37
  • https://www.elastic.co/guide/en/kibana/current/vertical-bar-chart.html – Andrei Stefan Jul 08 '15 at 14:43

1 Answers1

0

I had faced exactly same issue. Creating a new field timsestamp didn't help.

So, my approach to the issue -

1.> Looked at the server status, if it was running or not.

For me it was server was up and running

2.> I looked at the previous day records to find out when did kibana go down.

So I saw, after latest deployment on production environment, Kibana didnt get any logs

3.> So since the server is fine, making new index didnt help. So, i thought now the problem might be with elasticsearch. But elasticsearch indexes logs that it gets from logstash.

So I went into my salt master and firstly, checked whether all the services were running or not. They were all running. Next I stopped logstash and elastic search and killed or java processes. And after further investigating the indexes I saw the indexes were corrupted. Restarting the services again worked and everything went well.

WHY DID THIS HAPPEN ?

This happened because someone or something had caused a abrupt stopping and restarting of the instance.

Golokesh Patra
  • 578
  • 8
  • 24