Kibana default index settings

If you’ve started using Kibana just recently the chance is you create dashboards from the blank one which at least in versions 3.1.0 has the _all index specified by default very high.

It causes some issues with elasticsearch which in turn starts generating loads of log entries like:

Caused by: Facet [terms]: failed to find mapping for dst_host.raw


Caused by: Facet [0]: (key) field [@timestamp] not found

To fix it simply go to the dashboard settings and on Index tab switch Timestamping to day and set Index pattern to [logstash-]YYYY.MM.DD

Additional resources: