Hello, I'm new to elastic, tell me if it's possible to do such a thing, create an index pattern, for example “index-*” without adding %{+YYYY.MM.dd} , but so that an index like this is automatically created on the onset of a new day - “index-2022.02.09” , and so every day, I need to do this to visualize the data, thanks in advance
Can you clarify where you want this index pattern?
To create dashboards, when the index is created by the day, you need to constantly change the index pattern, this is not very convenient, or is there a way to automate the replacement of the index, I will be grateful for the hint
Index pattern of “index-*” doesn't work?
Let me explain with a screenshot what I want, using the wazuh pattern as an example
Which index do you want to select by your index pattern? Do you want just select the latest index like wazuh-alerts-4.x-2022.01.02 on Jan 02?
If so, you may use "wazuh-alerts-4.x*" and filter by date. I'm not sure I caught what you want.
Here, look, in the kibana visualization, I can specify this pattern (wazuh-alerts-*) which will include all previously created patterns by day
What is the problem?
Which index do you want to select by your index pattern?
In this case, I will select wazuh-alerts-* and I can easily filter events in it, let's say 2 days ago, but these are wazuh indexes, it creates such a pattern automatically, I want to understand how to create such a template and filter them by day as I want, instead of creating a new index for each day
Hmm, I'm not sure I get exactly what you want. I got you want to create index pattern from new indecis created some day.
But anyway, creating index pattern automatically is very difficult.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.