I deleted all my index patterns (I still have few indexes in elasticsearch, also visible from management in kibana). Right now I wanted to create new (first) index pattern, but there is message:
No default index pattern. You must select or create one to continue.
but I can't create one because of screen is only showing message above and:
Checking for Elasticsearch data
so basically, I need to have default index pattern to create one, but I can't assign any index to be default, because I don't have any index pattern :(
I am on Windows and I am using version 6.5.4 of Kibana and Elasticsearch.
Do you have any idea how to proceed?
Related
I created 3 indicies on my elastisearch opened up kibana and all those showed up on it. After a few days I created 2 more indicies and opened up my kibana but I only see those 3 indicies I created for the first time and not the new ones.
I tried searching for those indicies in Discover but nothing shows up.
Everything is running locally on my laptop
Has anyone faced this problem before?
In the Kibana Discover view, you don't see indexes, but index patterns, which are a way of grouping indexes together under a single logical name, similar to an alias.
For instance, if your index pattern is called my-index-* then you'll see all indexes called my-index-1, my-index-2, etc
If you create new indexes, the key is to use a name that will match the index pattern that you've created. If you create my-index-999 then it will be visible in the Discover view immediately without further action. If you create an index called another-index-1 then it will not be visible until you create an appropriate index pattern that matches this name.
I ran the following command to delete all indices to see changes on the Kibana:
$ curl -XDELETE localhost:9200/_all
after this operation, Kibana being not visualized Data. It is not working anymore.
I extracted new kibana folder and set up again all configuration and see the indices on the Dev Tools tab. But These indices are not showing in Discover tab.
Sefa.
You need to recreate your index pattern under Management -> Index Patterns — see the documentation for index patterns.
Your index should be logstash-* and the timestamp value #timestamp in the dropdown.
To get better understanding of your problem open the page in the console of your web browser. You will see the error as "some default index not found"
Kibana always loads on a default index. You have eliminated even that pattern.
So set the default index patter again and you will be good to go
I have a data source which will create a high number of entries that I'm planning to store in ElasticSearch.
The source creates two entries for the same document in ElasticSearch:
the 'init' part which records init-time and other details under a random key in ES
the 'finish' part which contains the main data, and updates the initially created document (merges) in ES under the init's random key.
I will need to use time-based indexes in ElasticSearch, with an alias pointing to the actual index,
using the rollover index.
For updates I'll use the update API to merge init and finish.
Question: If the init document with the random key is not in the current index (but in an older one already rolled over) would updating it using it's key
successfully execute? If not, what is the best practice to perform the update?
After some quietness I've set out to test it.
Short answer: After the index is rolled over under an alias, an update operation using the alias refers to the new index only, so it will create the document in the new index, resulting in two separate documents.
One way of solving it is to perform a search in the last 2 (or more if needed) indexes and figure out which non-alias index name to use for the update.
Other solution which I prefer is to avoid using the rollover, but calculate index name from the required date field of our document, and create new index from the application, using template to define mapping. This way event sourcing and replaying the documents in order will yield the same indexes.
Now the elasticsearch has many indexes. These indexes pattern like aaa-2016_12_14.log and bbb-2016_12_14.log and others. And it will generate new index everyday, it pattern will be the xxx-YYYY_mm_dd.I want the kibana can automatic import these index to the index pattern. These index patterns will similarly like the aaa,bbb and so on.
Thanks for your reply.
Yes you could do that by having a wildcard pattern for your indexes in Kibana. Make sure you create the index in Kibana with the same name which you've created the index in ES. Your index pattern in Kibana could look something like this:
aaa-2015* <-- this could create an index with all your months
aaa-2015-01* <--- this could create an index within a month
I'm not sure this works through out all the versions. Keep an eye on that. This SO might be helpful.
I have 2 indexes movie_indexer and trial_indexer.
I used the following command to delete movie_indexer:
curl -XDELETE "http://localhost:9200/movie_indexer/"
Then i reran Kibana. It still showed the index and its values.
When i used
curl -XDELETE "http://localhost:9200/.kibana"
after that trial_indexer was missing.
Note: After using latter command, i could create the index pattern for trial_indexer but not for movie_indexer.
I want to delete the specific index w/o the need to recreate an index pattern for undeleted indexes. How can i do that? (i'm using windows)
That's normal because Kibana will store an index pattern and the associated field settings from the mapping inside his own index called .kibana.
If you want to delete the movie_indexer index (containing the data) and the associated index pattern in Kibana (containing the Kibana settings for that index), you can do so by issuing two queries, namely the one you already did to delete the data
curl -XDELETE "http://localhost:9200/movie_indexer/"
and another one to delete the index pattern in Kibana, where pattern_name is the name you gave to the index pattern you wish to delete (by default it's the same name as your index, i.e. movie_indexer)
curl -XDELETE "http://localhost:9200/.kibana/index-pattern/pattern_name"
Note that you can also delete the index pattern directly in Kibana by going into Settings > Indices, then picking the index pattern you want and clicking on the "remove index pattern" button