If you’ve started using Kibana only recently, chances are very high that you create dashboards from the blank one, which, at least in version 3.1.0, has the _all index specified by default.
This causes problems for Elasticsearch, which in turn starts generating loads of log entries like:
Caused by: org.elasticsearch.search.facet.FacetPhaseExecutionException: Facet [terms]: failed to find mapping for dst_host.raw
or
Caused by: org.elasticsearch.search.facet.FacetPhaseExecutionException: Facet [0]: (key) field [@timestamp] not found
To fix it, simply go to the dashboard settings and, on the Index tab, switch Timestamping to day and set Index pattern to [logstash-]YYYY.MM.DD
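Why the daily pattern helps, as an added example (not Kibana's code and not part of the original post): with day timestamping the pattern is expanded into one index name per day of the dashboard's time range, so only those logstash indices are queried instead of _all. The function names and the sample time range are assumptions made for the illustration, and only the tokens YYYY, MM, DD, HH and [literal] blocks are handled.

```javascript
// Added illustration, not Kibana's own code: a simplified expansion of a
// timestamped index pattern into the index names a dashboard would query.
const STEP_MS = { hour: 3600e3, day: 86400e3 };

function pad(n, width) {
  return String(n).padStart(width, "0");
}

// Render one index name from a pattern such as "[logstash-]YYYY.MM.DD".
// Text inside [ ] is copied literally; dates are formatted in UTC.
function formatIndexName(pattern, date) {
  return pattern.replace(/\[([^\]]*)\]|YYYY|MM|DD|HH/g, (token, literal) => {
    if (literal !== undefined) return literal;
    switch (token) {
      case "YYYY": return pad(date.getUTCFullYear(), 4);
      case "MM": return pad(date.getUTCMonth() + 1, 2);
      case "DD": return pad(date.getUTCDate(), 2);
      default: return pad(date.getUTCHours(), 2); // HH
    }
  });
}

// List the indices covering [from, to] for the given timestamping interval.
// With interval "none" the pattern is used as-is (for example "_all").
function expandIndexPattern(pattern, from, to, interval) {
  if (interval === "none") return [pattern];
  const step = STEP_MS[interval];
  if (!step) throw new Error("unsupported interval: " + interval);
  if (to < from) throw new Error("time range ends before it starts");
  const names = [];
  // Align the start to the beginning of its UTC hour or day.
  let t = Math.floor(from.getTime() / step) * step;
  for (; t <= to.getTime(); t += step) {
    names.push(formatIndexName(pattern, new Date(t)));
  }
  return names;
}

// Constructed sample time range spanning a month boundary.
const from = new Date("2014-08-30T22:15:00Z");
const to = new Date("2014-09-01T03:00:00Z");
console.log(expandIndexPattern("_all", from, to, "none"));
console.log(expandIndexPattern("[logstash-]YYYY.MM.DD", from, to, "day"));
```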