TechQA.

Unable to fetch mapping. Do you have indices matching the pattern? Windows

5.3k views Asked by At

I am new to ELK and recently installed ELK on Windows Server 2008 and on Windows 7 machine.

But on both the places if I open Kibana then will get a message below "Unable to fetch mapping. Do you have indices matching the pattern?"

My logstash confiuration file looks like

input { 
 file {
 type => "AppLog"
    path => "D:/LogFiles"
    }
   }
 filter {
     mutate {
      add_field => [ "hostip", "%{host}" ]
               }
    dns {
       reverse => [ "host" ]
       action => replace
       }
        }

    output {
         elasticsearch {
           host => "localhost"
           protocol => "http"
           codec => rubydebug
             }
         }

This URL returns "{"error":"IndexMissingException[[logstash-] missing]","status":404}"

http://localhost:5601/elasticsearch/logstash-/_mapping/field/*?ignore_unavailable=false&allow_no_indices=false&include_defaults=true

Could anyone please help me?

Thanks & regards, Narulcde.

elasticsearch logstash kibana
Original Q&A
2

There are 2 answers

8
Or Weinberger On

It seems that Kibana is trying to query an index named logstash- and it doesn't exist, you can go to Kibana's settings and remove that index and add a new one with a wildcard logstash-*.

1
BrentShinn On

I believe it means that you aren't receiving any logs. Did you setup any forwarders? If you did, then check the logs on the servers where you installed the forwarder. Logstash will show this error if that's the problem.

For me, when I had this error, I was using the IP for the certificate when the cert was created with the DNS name. I changed the configuration for the forwarder to point to the DNS name and then restarted the forwarder and it then worked.

"servers": [ "10.37.37.227:5000" ],

TO

"servers": [ "logstash.mynetwork.local:5000" ],

Of course, you'll want to use your DNS name, not mine :)

On another server I was setting up, I forgot to move the cert to /etc/pki/tls/certs/.

You can tail the log on the client where you're installing (or have installed) the forwarder:

tail -f /var/log/logstash-forwarder/logstash-forwarder.err

Related Questions in ELASTICSEARCH

Related Questions in LOGSTASH

Related Questions in KIBANA

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions