新建Elasticsearch索引无法在Kibana中查看及创建索引模式的问题
Hey Frank, let's work through this issue step by step — it's a common pitfall when setting up logging with Elastic and Kibana:
可能的原因及对应解决方案
1. 索引无数据,导致Kibana无法识别字段或创建索引模式
Kibana relies on having at least one document in an index to properly detect fields, especially when setting up a log index pattern which requires a time field. Try inserting a test document into your test42 index first:
POST test42/_doc/1 { "field1": "sample log entry", "@timestamp": "2024-05-20T12:30:00.000Z" }
Once you've added this, head back to Kibana and try creating the index pattern again — you should see test42 show up.
2. Yellow index status(副本分片未分配)
Your index shows yellow open because Elasticsearch can't assign a replica shard (this happens with single-node clusters, since replicas need another node to live on). While this doesn't block Kibana from seeing the index, it's good practice to fix it by setting the replica count to 0:
PUT test42/_settings { "number_of_replicas": 0 }
This will change the index status to green open.
3. Missing required time field for log index patterns
Log index patterns in Kibana require a date/time field (usually @timestamp) to function properly. Your original index mapping only has a text field — Kibana will block you from creating a log-focused index pattern without a date field. Update your index mapping to include one (or create a new index with this mapping):
PUT test42 { "settings": { "number_of_shards": 1, "number_of_replicas": 0 }, "mappings": { "_doc": { "properties": { "field1": { "type": "text" }, "@timestamp": { "type": "date" } } } } }
When creating the index pattern, select @timestamp as the time field, and Kibana will let you proceed.
4. Version mismatch between Elasticsearch and Kibana
Elastic requires that Elasticsearch and Kibana run the exact same version (e.g., 8.13.0 for both). If your versions are out of sync, you'll run into all sorts of indexing and visibility issues. Double-check your versions and align them if needed.
5. Kibana user permissions
If you're not using an admin user in Kibana, your account might lack the read or view_index_metadata permissions for the test42 index. Switch to an admin account temporarily to rule this out, or update your user's role permissions in Elasticsearch.
Walk through these steps, and you should be able to create your log index pattern as outlined in the tutorial.
内容的提问来源于stack exchange,提问作者Frank Mehlhop
