Search results do not include the expected z/OS data

In Kibana, the search results do not include the expected z/OS® data.

If data that is issued in a z/OS logical partition (LPAR) is not shown in Kibana, the following steps can help you determine possible causes.

Step 1: Verify that Logstash is running

Run the following commands to verify that Logstash is using the default port that is specified in the B_cdpz.conf file:
On Linux® systems
netstat -an | grep 8080
If the type of your Logstash image is .deb or .rpm, you can also use the following command:
service logstash status
On Windows systems
netstat -an | find "8080"

Step 2: Verify that Elasticsearch has no errors

Check the elasticsearch.log file for any errors that indicate problems with the network connection, data ingestion, incorrect mapping, or an incorrect template.
On Linux systems
If the type of your Logstash image is .tar.gz or .zip, run the following command to open the elasticsearch.log file:
cat YOUR_EXTRACTION_PATH/logs/elasticsearch.log
If the type of your Logstash image is .deb or .rpm, run the following command to open the elasticsearch.log file:
cat /var/logs/elasticsearch/elasticsearch.log
On Windows systems
Use Notepad to open the YOUR_EXTRACTION_PATH/logs/elasticsearch.log file.

Step 3: Verify that data is being received from Z Common Data Provider

Verify that data is being received by Logstash and written to Elasticsearch.
On Linux systems
To verify that data is being received by Logstash and written to Elasticsearch, run the following command:
curl ELASTICSEARCH_HOST/IP>:9200/_cat/indices
On Windows systems
To verify that data is being received by Logstash and written to Elasticsearch, open the following URL in a web browser:
http://ELASTICSEARCH_HOST/IP>:9200/_cat/indices

The output includes index names. Check for indices that start with zoa and end with a recent time stamp.

Complete the following steps, depending on whether data is being written to Elasticsearch:
If data is not being written to Elasticsearch
Check for Logstash error logs.
If data is being written to Elasticsearch
  1. Verify that IBM Z® Operational Log and Data Analytics is installed on the Elastic Stack platform.
  2. In Kibana, verify that you are searching within a valid time range.
  3. Verify that your index pattern is zoa-* and that this pattern is created automatically.
  4. In Kibana, verify that no warnings are indicated.