Kibana default index settings

If you’ve started using Kibana only recently, chances are very high that you create dashboards from the blank one, which, at least in version 3.1.0, has the _all index specified by default.

This causes issues with Elasticsearch, which in turn starts generating loads of log entries like:

Caused by: org.elasticsearch.search.facet.FacetPhaseExecutionException: Facet [terms]: failed to find mapping for dst_host.raw

or

Caused by: org.elasticsearch.search.facet.FacetPhaseExecutionException: Facet [0]: (key) field [@timestamp] not found

To fix it, go to the dashboard settings and, on the Index tab, switch Timestamping to day and set Index pattern to [logstash-]YYYY.MM.DD
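With Timestamping set to day, the pattern is resolved into one index name per day of the dashboard's time range, so queries only reach the logstash indices rather than everything behind _all. The sketch below is an added illustration of that expansion, not Kibana's own code; the function names, the UTC day boundaries and the sample dates are assumptions.

```javascript
// Added illustration: expands a Kibana 3 style daily index pattern into the
// index names a dashboard time range would cover. Supports only the tokens
// used on this page: [literal], YYYY, MM, DD. Not Kibana's own code.

function formatIndexName(pattern, date) {
  const pad = (n, width) => String(n).padStart(width, "0");
  // Bracketed text is copied verbatim; date tokens are filled from UTC fields.
  return pattern.replace(/\[([^\]]*)\]|YYYY|MM|DD/g, (token, literal) => {
    if (literal !== undefined) return literal;
    if (token === "YYYY") return pad(date.getUTCFullYear(), 4);
    if (token === "MM") return pad(date.getUTCMonth() + 1, 2);
    return pad(date.getUTCDate(), 2); // "DD"
  });
}

function dailyIndices(pattern, from, to) {
  if (to < from) throw new RangeError("'to' is earlier than 'from'");
  const names = [];
  // Start at midnight UTC of the first day and step one day at a time.
  let day = Date.UTC(from.getUTCFullYear(), from.getUTCMonth(), from.getUTCDate());
  for (; day <= to.getTime(); day += 24 * 60 * 60 * 1000) {
    names.push(formatIndexName(pattern, new Date(day)));
  }
  return names;
}

// Constructed sample range crossing a month boundary.
const sample = dailyIndices(
  "[logstash-]YYYY.MM.DD",
  new Date("2014-08-30T22:15:00Z"),
  new Date("2014-09-01T03:00:00Z")
);
console.log(sample.join(","));
```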