I just wanted to add that I have now tried to do the same in cURL (at least I thought it would be the same):
curl -XGET 'http://es:9200/filtered1-*/_search?pretty' -d '
{
  "query" : {
    "query_string": {
      "query": "ls_host.raw:mvs-ls"
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}'
{
  "took" : 2879,
  "timed_out" : false,
  "_shards" : {
    "total" : 6,
    "successful" : 6,
    "failed" : 0
  },
  "hits" : {
    "total" : 0,
    "max_score" : null,
    "hits" : [ ]
  }
}
As you can see, the query returned no hits as expected. Is there an explanation for the fact that Kibana returned results from the index directly as if it was bypassing the alias?