Hi forum,
I have 7 indexes on ES 2.4.1:
(...)
green open syslog_xxx-2016.11.15 5 1 101938408 0 27.1gb 13.5gb
green open syslog_xxx-2016.11.16 5 1 247859487 0 59.9gb 29.9gb
green open syslog_xxx-2016.11.17 5 1 236681353 0 66.6gb 33.4gb
green open syslog_xxx-2016.11.18 5 1 136261099 0 33.9gb 17.3gb
They are created by a logstash 2.3.1 process with a specific template.
I've mapped the index pattern on Kibana (syslog_xxx-*) containing time-based events associated with the correct @timestamp field.
When searching on Kibana, if my time range spans 2 indexes, only data from todays index (00h00 onward) is shown. With the same query with a time range within yesterday, it shows yesterday data.
It seems to me that it's not able to return results from 2 different indexes within the same index pattern with the same schema/fields.
Can anyone point me in the right troubleshooting direction?
PS: It's quite strange as I have another 3 or 4 index patters configured that also span multiple daily indexes and everything works great.
Many thanks
BR
Alex