I am using filebeat, elasticsearch, kibana to ship and view logs on ec2.
all the three services are working fine and I am able to see the logs on kibana.
But when i try to search in these logs, the result is not displayed.
As we can see in the previous screenshot we have "WARNING" keyword but when I am searching it, it is not displayed.
Also the full json look like this.
Try searching for message: *exists*. Without the wildcards the string needs to do an exact match.
I am getting below error while opening elastic cloud URL
Error
at Fetch._callee3$ (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/commons.bundle.js:3:232)
at l (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:970406)
at Generator._invoke (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:232)
at Generator.forEach.e.<computed> [as next] (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:970763)
at asyncGeneratorStep (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/commons.bundle.js:3:3991504)
at _next (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/commons.bundle.js:3:3991815)
Also after this I am reloading the elastic cloud, getting below error :
{"statusCode":503,"error":"Service Unavailable","message":"No shard available
for [get [.kibana][_doc][space:default]: routing [null]]:
[no_shard_available_action_exception] No shard available for [get [.kibana][_doc][space:default]: routing [null]]"}
Can aanyone please help
The first error message doesn't sound very helpful, but in the second one it's clear that the .kibana index is missing. Do you know why that might have happened there? I would generally look at the following options:
If you were using Kibana already and need to restore some visualizations or dashboards, do a partial restore from a snapshot.
If you are ok to start over, restart Kibana (potentially remove it from your deployment and then add it again). That should generally recreate the .kibana index.
If none of that works, contact support.
I am running elastic search 7.6 it is working ok on http://localhost:9200/ . I am able to use the REST API to add values to index.
Now when i start up kibana 7.6, i get following error:-
log [12:31:32.247] [info][plugins-service] Plugin "case" is disabled.
log [12:31:44.432] [info][plugins-system] Setting up [36] plugins: [taskManager,siem,licensing,infra,encryptedSavedObjects,code,timelion,features,security,usageCollection,metrics,canvas,apm_oss,translations,reporting,status_page,share,uiActions,data,navigation,newsfeed,kibana_legacy,management,dev_tools,home,spaces,cloud,graph,inspector,expressions,visualizations,embeddable,advancedUiActions,dashboard_embeddable_container,eui_utils,bfetch] log [12:31:44.435] [info]
log [12:31:44.587] [info][savedobjects-service] Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations...
log [12:31:44.617] [info][savedobjects-service] Starting saved objects migrations log [12:31:44.657] [info][savedobjects-service] Creating index .kibana_1.
log [12:31:44.663] [info][savedobjects-service] Creating index .kibana_task_manager_1.
log [12:32:14.663] [warning][savedobjects-service] Unable to connect to Elasticsearch. Error: Request Timeout after 30000ms
Unable to connect to Elasticsearch. Error: Request Timeout after
30000ms
I've got same problem like yours, and I've sloved it by switching cmd prompt window to PowerShell window. It seems that command prompt window is very sensitive. You may get some idea here. https://discuss.elastic.co/t/kibana-7-4-0-on-windows-command-prompt-not-able-to-start/203877/7
BTW, If you get a warning when you restart Kibana, like:
log [06:27:47.136] [warning][savedobjects-service] Unable to connect to Elasticsearch. Error: [resource_already_exists_exception] index [.kibana_task_manager_1/EmPx77s1TLWbLQdqQ8iC0w] already exists, with { index_uuid="EmPx77s1TLWbLQdqQ8iC0w" & index=".kibana_task_manager_1" }
log [06:27:47.140] [warning][savedobjects-service] Another Kibana instance appears to be migrating the index. Waiting for that migration to complete. If no other Kibana instance is attempting migrations, you can get past this message by deleting index .kibana_task_manager_1 and restarting Kibana.
Just do what it told you, delete the index .kibana_task_manager_1 and restart Kibana.
curl -XDELETE http://localhost:9200/.kibana_task_manager_1
Good Luck.
I setup an Elasticsearch Kibana stack with xpack.
from the built-in user, i logged in to the account and created a kibana_user and a kibana_dashboard_only user.
When i logged in, the login was successful in both the users but when i go to the dashboards or discover,
Im getting an
error in visualization internal server error
pop up error.
Why is this and how can i fix this?
All actions work fine with the built-in elastic user account.
Please help me.
You also need to give that user read access to the .kibana index
I am currently using Elastic Cloud to store my AWS CloudWatch logs. Everything seems to work fine as I'm already able to display charts and to query ElasticSearch correctly. Yet, I got a strange behavior I can't explain.
I am logging some events from my app. Let's say request_start and request_end. They are both available on Kibana. Yet, I'm also logging another event, let's say request_middle. I can see it on CloudWatch.
When checking in the Discover tab of Kibana, I don't see this event. I tried event:"request_middle" query, in vain. And if I display a list of all events under this same tab, I get a full list, except request_middle.
I tried to query directly Elastic Search, in case of. But no results as well.
Have some of you already encountered such a case? If so, how did you fix it?