I explain: I’ve correctly filled an Opensearch index using the bulk API. In fact, this index has a timestamp field which is correctly recognized when creating the index pattern in Dashboards. But if I select this field as the time reference, in Discover page I just can see “_source” field below “Selected fields” section and none below “Available fields”.
The thing is that if I don’t select any field as time reference when creating the index pattern, then in Discover page appear all the fields correctly but, of course, I haven’t any time reference as my timestamp field is only “one more field” like the others, so I can’t get any visual representation.
In summary: my index has all the fields inside _source field (including timestamp’s one) but I can’t access to them from Discover and I don’t know why.
Thanks a lot
NOTE: I’m using last Dashboard docker image currently available
I’m not sure what could be going on, but here’s a couple things I would try:
Try refreshing the Index Pattern in Opensearch Dashboards for the affected index pattern. :shrug:
Try searching the index with the _search API, and paste the result here, so others can see an example of a document in the index. My thought here is there might be something wrong with your indexing strategy, and the documents are not actually being indexed the way your expect.
Check the security-auditlog for any permission issues that might be coming from the Security plugin?
Check the log of your indexing mechanism and opensearch nodes to see if there is any evidence of indexing issues.
Hrmmm, uhh, I think it’s all working. I think you just gotta click that little carrot on the left of a document, to expand its view. The view you’re looking at is collapsed and you don’t have any specific fields toggled on.
Then, optionally, you can “Toggle column in table” icon next to some fields to customize your view in Discover for this session, or Saved Search. One of the fields you can toggle on is ‘timestamp’.
That’s not what I was looking for. What I want is having “timestamp” field as a time reference when creating the index pattern so that I can see in Discover page the automatic vertical bar graph showing counting of documents though the time. If I do that, I can’t choose any field, just the “_source” one is listed as a recognized field in Discover page
Thanks!
Is it a timeframe issue? The example data you’re working with has future dates, and very old dates, but the timeframe you have selected to work with is only the past 15 minutes.
Oh my God! It was that! Arbitrary timestamps too far away in the past or in the future make Dashboards react by not showing any “Available fields” in the list. Maybie it could be considered a Dashboard’s usability issue because it would first seem as an indexing problem but I recognize it has been my fault too. Thanks a lot for your patiente, @mhoydis !! THANKS!!
