0

I'm using a logstash plug-in for a Java app using logback to forward logs on to my logstash server. I've setup a filter definition as follows:

input { tcp { port => 2856 codec => json_lines } } filter { mutate { convert => { "tenantId" => "integer" "userId" => "integer" } } }

Logs are being forwarded on to Elasticsearch using the following config:

output { elasticsearch { hosts => ["127.0.0.1:9200"] user => "user" password => "secure" } }

The index is just going to logstash-, and when I inspect the mappings in Elasticsearch, I see the following:

 "logstash-2016.04.25" : { "mappings" : { "logs" : { "_all" : { "omit_norms" : true, "enabled" : true }, "properties" : { ... "userId" : { "type" : "long" }, "tenantId" : { "type" : "long" }, ... } } } }

So I can see that the fields are being set with an appropriate type, but they are neither analyzed nor defined as long values when I check Kibana. What am I missing?

Improve this question
4
  • Have you updated your mappings in Kibana? Do you have other indices which have the same fields, but different types? Commented Apr 25, 2016 at 21:06
  • I haven't touched Kibana at all actually, and no other indicies are created. I actually set this up on a clean server before any log data started flowing. What updates would I need to make on Kibana? Commented Apr 26, 2016 at 17:57
  • If these are new fields in an index, then you need to tell Kibana to refresh its field list (Settings -> Indices) so that it can use them when visualizing. Do you even see them when in Discover mode? Commented Apr 26, 2016 at 18:54
  • That was it. I just needed to refresh the Kibana index and all was well. If you post this as the answer, I'll accept it to give you the appropriate recognition. Thanks! Commented Apr 26, 2016 at 21:13

1 Answer 1

Reset to default
1

Assuming these are new fields in a given index, you'll need to tell Kibana to refresh it's field listing.

Reloading the Index Fields List

When you add an index mapping, Kibana automatically scans the indices that match the pattern to display a list of the index fields. You can reload the index fields list to pick up any newly-added fields.

Reloading the index fields list also resets Kibana’s popularity counters for the fields. The popularity counters keep track of the fields you’ve used most often within Kibana and are used to sort fields within lists.

To reload the index fields list:

  1. Go to the Settings > Indices tab.
  2. Select an index pattern from the Index Patterns list.
  3. Click the pattern’s Reload button.
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.