Index Alias in Elastic Security (Network Map) [7.9.2]

RdrgPorto · April 29, 2021, 9:10am

Hi, everyone

I have a SonicWall index (firewall device) that has the index alias Elastic Security.

In Kibana --> Advanced Settings --> Elasticsearch indices -> securitySolution:defaultIndex

However, it does not work properly in Network, it does not show GeoIP information:

If I set indivual index-pattern instead of alias in securitySolution:defaultIndex , it works.

It seems Network map dashboard ignores the index alias (in this case elastic-security).

I would like to use an index alias for Elastic Security because I have many index and I think it would be more agile.

Thanks in advance,

Rodrigo

legoguy1000 · April 30, 2021, 12:14am

an alias is just a shortcut, for that config item it needs a specific index name or use the wildcard pattern. Look at how the default index patterns are for that setting.

RdrgPorto · April 30, 2021, 8:01am

Hi @legoguy1000

Thanks . However, it is a pity, from my point of view, it would be a nice feature can use an alias.

Regards

legoguy1000 · April 30, 2021, 11:16am

No problem. Depending on your index names u should just be able to do elastic-security-* and be good.

Topic		Replies	Views
Create visualisation with alias as index Kibana	3	1195	December 8, 2018
Index pattern with alias name Elasticsearch	1	445	November 5, 2018
Can kibana uses alias for index pattern? Kibana	6	21317	July 6, 2017
Indexing document using specified index alias Elasticsearch	2	836	November 10, 2017
Index alias as Index name Kibana	2	541	July 13, 2017

Index Alias in Elastic Security (Network Map) [7.9.2]

Related topics