search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.8k stars 8.19k forks source link

Persistent DataView Error in Elastic Security Dashboard - "Could not locate that data view (id: c5085743-9c9f-4e3a-a97d-15e61407cadd)" #162999

Open akash0009922 opened 1 year ago

akash0009922 commented 1 year ago

Describe the bug: I am encountering a persistent DataView Error in the Elastic Security Dashboard. The exact error message is: "Could not locate that data view (id: c5085743-9c9f-4e3a-a97d-15e61407cadd)". The logs are sent through Logstash to Elasticsearch and are visible in the Kibana Discover section, but they do not appear in the Elastic Security section. When attempting to create the missing data view, the same error message is displayed.

Persistent DataView Error in Elastic Security Dashboard - "Could not locate that data view (id: c5085743-9c9f-4e3a-a97d-15e61407cadd)"

Kibana/Elasticsearch Stack version:

Elasticsearch and Kibana version: 8.9

Server OS version:

OS: Windows 10 Pro

Browser and Browser OS versions: Google Chrome : Version 115.0.5790.110 (Official Build) (64-bit)

Elastic Endpoint version: N/A

Original install method (e.g. download page, yum, from source, etc.):

Elastic Stack was downloaded directly from the Elastic website.

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Steps to reproduce:

  1. .Send logs from Logstash to Elasticsearch.
  2. Verify that the logs have been successfully received in Kibana's discover section.
  3. Attempt to create an ad-hoc data view in the Elastic Security Dashboard.
  4. Encounter the error "Could not locate that data view, click here to re-create it."
  5. Delete the data view and attempt to recreate it, but encounter the same error again.

Current behavior:

When attempting to view logs in Elastic Security, a "Could not locate that data view" error is displayed. Creating the missing data view as suggested by the error message does not resolve the issue and the same error message is displayed.

Expected behavior:

Logs sent to Elasticsearch through Logstash should be visible in the Elastic Security section.

Screenshots (if relevant): Report 1

Stream Report 3 Report 2

Attached

Errors in browser console (if relevant):

Could not locate that data view (id: c5085743-9c9f-4e3a-a97d-15e61407cadd)

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):

I am using the free version of the Elastic Stack and this issue is preventing me from proceeding with my project. The issue persists even after downloading and installing the latest versions of Elasticsearch and Kibana.

elasticmachine commented 1 year ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 1 year ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 1 year ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)