Importing the wrong dashboards (No data)
Problem
When loading dashboards, you see the error: "The field associated with this object no longer exists in the data view. Please use another field."
Reason #1: You have no data in your data platform
Go to stack management:
And confirm you see Indices and that they match the dashboard file you imported (ECS vs CODEX -- See Reason #2):
If you do not see ElastiFlow Indices like the above, you must troubleshoot the Unified Flow Collector and confirm that:
- It is running
- It is receiving flows on the expected port and is listening on that port
- The host-based firewall is not blocking these packets (common in Red Hat-based Linux)
- The Unified Flow Collector has successfully connected to your data platform (OpenSearch, Elasticsearch, etc.)
Reason #2: You've imported the wrong dashboards
There are two sets of dashboards that can be downloaded from: https://github.com/elastiflow/elastiflow_for_elasticsearch
How you configure the following setting in the Unified Flow Collector will determine which set of dashboards to import:
- EF_OUTPUT_ELASTICSEARCH_ECS_ENABLE=true/false (https://docs.elastiflow.com/config_ref_output_elasticsearch#ef_output_elasticsearch_ecs_enable)
- EF_OUTPUT_OPENSEARCH_ECS_ENABLE=true/false (https://docs.elastiflow.com/config_ref_output_opensearch/#ef_output_opensearch_ecs_enable)
If you set this flag to 'true', import the dashboard file with ECS in its filename.
If you set this flag to 'false', import the dashboard file (light or dark theme) with CODEX in its filename.
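The check below is an added example, not ElastiFlow's own code: it reads the ECS setting from the collector configuration, compares it with the index names in the data platform and the dashboard filename, and reports which of the two reasons above applies. It assumes that ElastiFlow index names start with "elastiflow" and contain "ecs" or "codex", and that the setting appears as KEY=value, a systemd Environment= line, or YAML KEY: value; the sample config, index and file names are constructed.

```python
import re

# Setting names are taken from the page; the accepted line shapes (KEY=value,
# systemd Environment="KEY=value", YAML KEY: value) are assumptions.
_SETTING = re.compile(
    r'^\s*(?:Environment=)?["\']?EF_OUTPUT_(ELASTICSEARCH|OPENSEARCH)_ECS_ENABLE'
    r'["\']?\s*[=:]\s*["\']?(true|false)\b', re.IGNORECASE | re.MULTILINE)
_SCHEMA = re.compile(r'(?<![a-z])(ecs|codex)(?![a-z])', re.IGNORECASE)


def configured_schemas(config_text):
    """Map each output ('elasticsearch'/'opensearch') to 'ecs' or 'codex'."""
    found = {}
    for output, value in _SETTING.findall(config_text):
        found[output.lower()] = "ecs" if value.lower() == "true" else "codex"
    return found


def schema_in_name(name):
    """Return 'ecs' or 'codex' if that token appears in a file or index name."""
    match = _SCHEMA.search(name)
    return match.group(1).lower() if match else None


def diagnose(config_text, index_names, dashboard_file, output="elasticsearch"):
    """Return (verdict, schema_to_import) for the two causes on this page."""
    # Assumption: ElastiFlow index names start with "elastiflow".
    flow = [n for n in index_names if n.lower().startswith("elastiflow")]
    if not flow:
        return ("no-data", None)                      # Reason #1
    in_indices = {schema_in_name(n) for n in flow} - {None}
    wanted = configured_schemas(config_text).get(output)
    if wanted is None and len(in_indices) == 1:
        wanted = next(iter(in_indices))               # fall back to index names
    if wanted is None:
        return ("unknown", None)
    if in_indices and wanted not in in_indices:
        return ("no-matching-indices", wanted)        # setting and data disagree
    if schema_in_name(dashboard_file) != wanted:
        return ("wrong-dashboards", wanted)           # Reason #2
    return ("ok", wanted)


# Constructed sample input (hypothetical config line, index and file names).
SAMPLE_CONFIG = 'Environment="EF_OUTPUT_ELASTICSEARCH_ECS_ENABLE=false"\n'
SAMPLE_INDICES = [".kibana_1", "elastiflow-flow-codex-sample"]
if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG, SAMPLE_INDICES, "dashboards-ecs.ndjson"))
```

A "no-matching-indices" verdict means the setting names one schema while the existing indices carry the other, for example after the flag was changed and before new flows arrived.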