Search code examples
elasticsearchkibanakibana-4

Documents and timestamp exists, but Kibana doesn't show any results in "Discover" tab

enter image description hereI have a few documents in my elasticsearch engine:

  1. In Kibana, I've successfully created an index pattern, including a suggested time-field.

  2. When searching documents in the last 5 years - can't find anything.

  3. If i'm creating the index pattern without a time-field - I can see all documents.

  4. Each _source content has document.

I'm really desperate, can anyone assist ?

EDITED

Mapping:

{ "settings" : { "number_of_shards" : 1 }, "mappings" : { "monitor" : { "properties" : { "ProcessName": { "type": "string", "index": "analyzed" }, "OpName": { "type": "string", "index": "analyzed" }, "Domain": { "type": "string", "index": "not_analyzed" }, "TraceType": { "type": "string", "index": "not_analyzed" }, "TraceDateTime": { "type": "date", "format": "yyyy-MM-dd HH:mm:ss" }, "ApplicationCode": { "type": "string", "index": "not_analyzed" }, "SrcMessageID": { "type": "string", "index": "not_analyzed" }, "ProcessID": { "type": "string", "index": "not_analyzed" }, "OpID": {"type": "string", "index": "not_analyzed" }, "OpParentID": { "type": "string", "index": "not_analyzed" }, "HostName": { "type": "string", "index": "not_analyzed"} } } } }

Document example:

{
        "_index": "monitors",
        "_type": "monitor",
        "_id": "AVPkvD3YnwEx8EXuppEN",
        "_score": 1,
        "_source": {
          "ProcessName": "myapp",
          "OpName": "myop",
          "Domain": "mydomain",
          "TraceType": "Info",
          "TraceDateTime": "2016-04-05 07:44:15",
          "ApplicationCode": "71",
          "SrcMessageID": "35e291e9-10ad-47a2-8ce8-935cebc62b26",
          "ProcessID": "a017afa9-c541-4424-bc63-c83a3d8830e0",
          "OpID": "84267eed-38db-4d84-88c4-f46d148e494a",
          "HostName": "myHost"
        }

EDITED 2

{"index":[".kibana-devnull"],"ignore_unavailable":true}
{"size":500,"sort":[{"TraceDateTime":{"order":"desc","unmapped_type":"boolean"}}],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647},"query":{"filtered":{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":{"bool":{"must":[{"range":{"TraceDateTime":{"gte":1301984031628,"lte":1459836831628,"format":"epoch_millis"}}}],"must_not":[]}}}},"aggs":{"2":{"date_histogram":{"field":"TraceDateTime","interval":"1M","time_zone":"Asia/Jerusalem","min_doc_count":0,"extended_bounds":{"min":1301984031627,"max":1459836831627}}}},"fields":["*","_source"],"script_fields":{},"fielddata_fields":["TraceDateTime"]}
Solution

  • Issue was that I'm sending date-time in +03:00 GMT, and date-time is stored in elasticsearch as UTC timezone.