Kibana default index settings

If you’ve started using Kibana only recently, the chance is very high that you create dashboards from the blank one, which at least in version 3.1.0 has the _all index specified by default.

This causes some issues with Elasticsearch, which in turn starts generating loads of log entries like:

Caused by: Facet [terms]: failed to find mapping for dst_host.raw


Caused by: Facet [0]: (key) field [@timestamp] not found

To fix it, simply go to the dashboard settings and, on the Index tab, switch Timestamping to day and set Index pattern to [logstash-]YYYY.MM.DD
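What the day-timestamped pattern resolves to for a given time window, as an added example (not from the original post or from Kibana's own code). The helpers `formatIndexName` and `expandIndexPattern` are hypothetical, the sample dates are constructed, and daily indices are assumed to be named by UTC date.

```javascript
// Added example: expands a timestamped index pattern such as
// [logstash-]YYYY.MM.DD into the daily index names covering a time window.
// Only the tokens used on this page (YYYY, MM, DD) and [literal] sections
// are supported.

const pad = (n, width) => String(n).padStart(width, "0");

// Format one UTC date according to the pattern.
function formatIndexName(pattern, date) {
  const tokens = {
    YYYY: pad(date.getUTCFullYear(), 4),
    MM: pad(date.getUTCMonth() + 1, 2),
    DD: pad(date.getUTCDate(), 2),
  };
  // Bracketed text is copied verbatim; other text is scanned for date tokens.
  return pattern.replace(/\[([^\]]*)\]|YYYY|MM|DD/g, (match, literal) =>
    literal !== undefined ? literal : tokens[match]
  );
}

// List the daily indices a dashboard with "day" timestamping would query
// for the window [from, to] (both inclusive, compared in UTC).
function expandIndexPattern(pattern, from, to) {
  if (to < from) throw new RangeError("'to' is earlier than 'from'");
  const DAY_MS = 24 * 60 * 60 * 1000;
  const start = Date.UTC(from.getUTCFullYear(), from.getUTCMonth(), from.getUTCDate());
  const names = [];
  for (let t = start; t <= to.getTime(); t += DAY_MS) {
    names.push(formatIndexName(pattern, new Date(t)));
  }
  return names;
}

// Constructed sample window: a 36-hour range that crosses a month boundary.
const sample = expandIndexPattern(
  "[logstash-]YYYY.MM.DD",
  new Date("2014-08-30T18:00:00Z"),
  new Date("2014-09-01T06:00:00Z")
);
console.log(sample.join(","));
```

With the pattern in place, a query for this window touches three logstash indices instead of every index matched by _all.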

Additional resources:

