Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] query_string queries fail because index.query.default_field set to message for metric indices #89357

Closed
simianhacker opened this issue Jan 26, 2021 · 2 comments · Fixed by #91791
Closed

[Fleet] query_string queries fail because index.query.default_field set to message for metric indices #89357

simianhacker opened this issue Jan 26, 2021 · 2 comments · Fixed by #91791
Assignees
@jen-huang
Labels
bug Fixes for quality problems that affect the customer experience Feature:Fleet Fleet team's agent central management project Team:Fleet Team label for Observability Data Collection Fleet team

Comments

@simianhacker
Copy link
Member

Kibana version:
master

Elasticsearch version:
master

Server OS version:
Mac OS X

Describe the bug:

The index setting index.query.default_field is set to message for all the metric indices. This causes issues with query string queries because message is not an available field for metric indices. This means the data is unusable inside Grafana, discovered originally by @jamiesmith.

Steps to reproduce:

  1. Setup agent and start sending system data
  2. Run the following request in the Dev Console:
GET metrics-*/_search
{
  "query": {
    "query_string": {
      "analyze_wildcard": true, 
      "query": "*"
    }
  }
}

Expected behavior:

The query above should return data.

Screenshots (if relevant):

image

Any additional context:

Here is the code that needs to change: https://github.com/elastic/kibana/blob/master/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/template.ts#L311
@simianhacker simianhacker added bug Fixes for quality problems that affect the customer experience Feature:Fleet Fleet team's agent central management project labels Jan 26, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Feature:Fleet)

@neptunian neptunian added the Team:Fleet Team label for Observability Data Collection Fleet team label Jan 27, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/ingest-management (Team:Ingest Management)

@jen-huang jen-huang self-assigned this Feb 18, 2021
@jen-huang jen-huang mentioned this issue Feb 18, 2021
Merged
@felixbarny felixbarny mentioned this issue Sep 1, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jen-huang jen-huang

Labels
bug Fixes for quality problems that affect the customer experience Feature:Fleet Fleet team's agent central management project Team:Fleet Team label for Observability Data Collection Fleet team
Projects
None yet
Milestone
No milestone
4 participants
@simianhacker @neptunian @jen-huang @elasticmachine