Log is not fetching in kibana from elastic search for logtrail

[rihtak06]

Hi, I am using kibana 6.5.0 and ES 6.5.0 when I see the log trial its only shows Oldest event reached.

Nov 24 20:32:35 service.go:310:  Adding new service port "logging/log-elasticsearch-client:http" at 172.22.10.82:9200/TCP
Nov 24 20:37:01 service.go:310:  Adding new service port "logging/log-kibana:" at 172.22.148.93:443/TCP

not fetching any other log this is the logtrail.json am using

{
  "version" : 2,
  "index_patterns" : [
    {      
      "es": {
        "default_index": "*"
      },
      "tail_interval_in_seconds": 10,
      "es_index_time_offset_in_seconds": 0,
      "display_timezone": "local",
      "display_timestamp_format": "MMM DD HH:mm:ss",
      "max_buckets": 500,
      "default_time_range_in_days" : 0,
      "max_hosts": 100,
      "max_events_to_keep_in_viewer": 5000,
      "default_search": "",
      "fields" : {
        "mapping" : {
            "timestamp" : "@timestamp",
            "hostname" : "hostname",
            "program": "source",
            "message": "message"
        },
        "message_format": "{{{message}}}",
        "keyword_suffix" : "keyword"
      },
      "color_mapping" : {
      }
    }
  ]
}

[sivasamyk]

You mean you can see only 2 events in logtrail? I see the default index is set *. Can you specify a proper index pattern? Also please share a sample document from Elasticsearch.

[rihtak06]

Elastic search sample document

{
  "_index": "logstash-2018.11.25",
  "_type": "fluentd",
  "_id": "7qE4S2cBRIp-MKDh1SkE",
  "_version": 1,
  "_score": null,
  "_source": {
    "log": "49.205.145.205 - [49.205.145.205] - - [25/Nov/2018:14:14:33 +0000] \"GET /nifi/images/iconInfo.png HTTP/2.0\" 200 414 \"https://a40e35c823a9ecfc11e897c406001bd322a-1054652316760.us-east-2.elb.amazonaws.com/nifi/\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36\" 33 0.002 [sw-mdm-nifi-8080] 10.0.101.150:8080 414 0.004 200 da001731d4b70451f889062c158d369a\n",
    "stream": "stdout",
    "docker": {
      "container_id": "90ebe1925c8e46742836d45cc6ffc1420a44eb5e66588f5cdb3da7e781053205"
    },
    "kubernetes": {
      "container_name": "nginx-ingress-controller",
      "namespace_name": "kube-ingress",
      "pod_name": "ingress-nginx-56968fb65d-trzrv",
      "pod_id": "0e4e5921-ecfc-11e8-a0a7-029a13c082e4",
      "labels": {
        "app": "ingress-nginx",
        "k8s-addon": "ingress-nginx.addons.k8s.io",
        "k8s-app": "nginx-ingress-controller",
        "pod-template-hash": "1252496218"
      },
      "host": "ip-10-0-103-203.us-east-2.compute.internal",
      "master_url": "https://172.22.1.1:443/api",
      "namespace_id": "0d79469a-ecfc-11e8-97c4-06001bd322ac",
      "namespace_labels": {
        "k8s-addon": "ingress-nginx.addons.k8s.io"
      }
    },
    "@timestamp": "2018-11-25T14:14:33.827576883+00:00",
    "tag": "kubernetes.var.log.containers.ingress-nginx-56968fb65d-trzrv_kube-ingress_nginx-ingress-controller-90ebe1925c8e46742836d4s5cc6ffc1420ssda44eb5e66588f5scdb3da7e781053205.log"
  },
  "fields": {
    "@timestamp": [
      "2018-11-25T14:14:33.827Z"
    ]
  },
  "sort": [
    1543155273827
  ]
}

logtrail.json I used is { "version" : 2, "index_patterns" : [ {
"es": { "default_index": "logstash*" }, "tail_interval_in_seconds": 10, "es_index_time_offset_in_seconds": 0, "display_timezone": "local", "display_timestamp_format": "MMM DD HH:mm:ss", "max_buckets": 500, "default_time_range_in_days" : 0, "max_hosts": 100, "max_events_to_keep_in_viewer": 5000, "default_search": "", "fields" : { "mapping" : { "timestamp" : "@timestamp", "hostname" : "beat.hostname", "program": "source", "message": "message" }, "message_format": "{{{message}}}", "keyword_suffix" : "keyword" }, "color_mapping" : { } } ] }

I have downgrade to kibana 4.3.2 and elastic search 4.3.2 but still same NO EVENTS FOUND

[hariram32]

latest of kibana and elastic 6.X working