3

I am currently using Elastic Cloud to store my AWS CloudWatch logs. Everything seems to work fine as I'm already able to display charts and to query ElasticSearch correctly. Yet, I got a strange behavior I can't explain.

I am logging some events from my app. Let's say request_start and request_end. They are both available on Kibana. Yet, I'm also logging another event, let's say request_middle. I can see it on CloudWatch.

When checking in the Discover tab of Kibana, I don't see this event. I tried event:"request_middle" query, in vain. And if I display a list of all events under this same tab, I get a full list, except request_middle.

I tried to query directly Elastic Search, in case of. But no results as well.

Have some of you already encountered such a case? If so, how did you fix it?

Jonathan Petitcolas
  • 4,254
  • 4
  • 31
  • 42
  • You checked it wasnot a refresh issue? You sure the events share a correct mappings with your index (take a look in elasticsearch log also, maybe an error occured) – LeBigCat Mar 14 '19 at 14:34
  • I refreshed both the Elastic Search index and Kibana index patterns, but it doesn't change anything. But `event` attribute is already taken into account, so I don't think that's an indexing issue. And nothing special in ES logs. :/ – Jonathan Petitcolas Mar 14 '19 at 15:08
  • 1
    same thing happening to me – Corey Mar 30 '19 at 05:09

0 Answers0