Kibana doesn't show any results in "Discover" tab

elasticsearch kibana-4

I setup elasticsearch and Kibana for indexing our application (error) logs. The issue is that Kibana doesn't display any data in the "Discover" tab.

Current situation

  • Elasticsearch is up and running, responds to API
  • executing a query directly on Elasticsearch like http://elasticserver.com:9200/applogs/_search?q=* returns lots of results (see below on how a single found record looks like)
  • Kibana is up and running, even finds the applogs index exposed by Elasticsearch
  • Kibana also shows the correct properties and data type of the applogs documents
  • "Discover" tab doesn't show any results...even when setting the time period to a couple of years...

Any ideas??

Here's how Kibana sees the applogs index:

enter image description here

Elastic search query result object looks like this:

{
_index: "applogs",
_type: "1",
_id: "AUxv8uxX6xaLDVAP5Zud",
_score: 1,
_source: {
   appUid: "esb.Idman_v4.getPerson",
   level: "trace",
   message: "WS stopwatch is at 111ms.",
   detail: "",
   url: "",
   user: "bla bla bla",
   additionalInfo: "some more info",
   timestamp: "2015-03-31T15:08:49"
 }
},

..and what I see in the discover tab:

enter image description here


For people who have a problem like this:

Change time frame in top right corner.

By default it shows data only for last 15 min.


I wanted to put this as a comment but unfortunately, I am not able to given my deficient repo to do so. So as @Ngeunpo suggested, this is how you add a time field to an index while creating it:enter image description here. If you did not do that while creating your index, I suggest you delete that index and recreate it. The index name logstash-* in the gif is analogous to your index applogs. In this case, field @timestamp is added as the time field. Let me know if this works.

EDIT: Image courtesy: This wonderful ELK setup guide


Kibana does not understand the timestamp field, if it's format is incorrect.Timestamp, which you selected by clicking on Time-field name when Configure an index pattern, need to be : 

"timestamp":"2015-08-05 07:40:20.123"

then you should update your index mapping like this:

curl -XPUT 'http://localhost:9200/applogs/1/_mapping' -d'
{
  "1": {
    "timestamp": {
      "enabled": true,
      "type": "date",
      "format": "yyyy-MM-dd HH:mm:ss.SSS",
      "store": true
    }
  }
}'

See this question and answer

UPDATE

If you are using ES 2.X, you can set the "format" to "epoch_millis" like this: 

curl -XPUT 'http://localhost:9200/applogs/1/_mapping' -d'
{
  "1": {
    "timestamp": {
      "type": "date",
      "format": "epoch_millis",
      "store": true,
      "doc_values": true
    }
  }
}'

Related

Count unique values using pandas groupby
Reading PDF content with itextsharp dll in VB.NET or C#
How to count all files inside a folder, its subfolder and all . The count should not include folder count [closed]
Java equivalent of PHP's implode(',' , array_filter( array () ))
How can I merge two STL maps?
Activate tabpage of TabControl
How to cast from List<Double> to double[] in Java?
server returned error on SASL authentication step: Authentication failed
Django error message "Add a related_name argument to the definition"
Html.EditorFor Set Default Value
Pythonic way to check if something exists?
Could not load file or assembly 'Microsoft.Web.Infrastructure,