Kibana default index settings

If you’ve only recently started using Kibana, chances are very high that you create dashboards from the blank one, which at least in version 3.1.0 has the _all index specified by default.

This causes some issues with Elasticsearch, which in turn starts generating loads of log entries like:

Caused by: org.elasticsearch.search.facet.FacetPhaseExecutionException: Facet [terms]: failed to find mapping for dst_host.raw

or

Caused by: org.elasticsearch.search.facet.FacetPhaseExecutionException: Facet [0]: (key) field [@timestamp] not found

To fix it, simply go to the dashboard settings and, on the Index tab, switch Timestamping to day and set Index pattern to [logstash-]YYYY.MM.DD
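
As an added illustration (not code from the original post or from Kibana itself), this sketch shows how a daily pattern such as [logstash-]YYYY.MM.DD resolves to concrete index names for a dashboard time range, so queries touch only those indices instead of everything matched by _all. The function names and the sample time window are assumptions, and days are taken in UTC.

```javascript
// Expand a Kibana 3 style index pattern into one index name per day.
// Literal text sits in [brackets]; YYYY, MM and DD are filled from the UTC date.
function formatIndex(pattern, date) {
  const pad = (n) => String(n).padStart(2, '0');
  const tokens = {
    YYYY: String(date.getUTCFullYear()),
    MM: pad(date.getUTCMonth() + 1),
    DD: pad(date.getUTCDate()),
  };
  // Match a bracketed literal first so letters inside it are never read as tokens.
  return pattern.replace(/\[([^\]]*)\]|YYYY|MM|DD/g, (match, literal) =>
    literal !== undefined ? literal : tokens[match]);
}

// List every daily index that a time range [from, to] overlaps.
function indicesForRange(pattern, from, to) {
  if (to < from) throw new RangeError('to must not be earlier than from');
  const names = [];
  // Start at UTC midnight of the first day and step one day at a time.
  const day = new Date(Date.UTC(
    from.getUTCFullYear(), from.getUTCMonth(), from.getUTCDate()));
  while (day <= to) {
    names.push(formatIndex(pattern, day));
    day.setUTCDate(day.getUTCDate() + 1);
  }
  return names;
}

// Constructed sample: a dashboard time window that crosses a month boundary.
const sampleFrom = new Date('2014-06-29T18:00:00Z');
const sampleTo = new Date('2014-07-01T06:00:00Z');
console.log(indicesForRange('[logstash-]YYYY.MM.DD', sampleFrom, sampleTo));
```

Indices outside the logstash-* naming scheme never appear in the result, which is why the facet errors on missing fields stop once the pattern is set.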