in Kibana3, elasticsearch querys were based on the required indices given on the selected time.
This feature should also be implemented in Kibana 4 (there was a side note in a news at elastic.co about 1-2 months ago) so that you could set i.e. logstash-* as index patterns but the querys made in kibana only searches in the required (daily,weekly..) indices.
This would allow us the migration from kibana3 to 4 due to our hardware setup with tiered storage.
Is the feature already implemented or coming in the future?
The problem is that, as said, if you use logstash-* as index pattern with daily indices and you search for the last hour, kibana should send a query to elasticsearch with logstash-2015.06.15 as index and the query parameters.
Instead of doing this, if you issue a search over the last hour, it seems like all the indices provided in the index patterns are getting queried, which results in bad query performance if you got like 50 indices in your escluster(some laying on HDDs).
As said in kibana3 this is solved with providing index patterns + telling it that there are daily,weekly,hourly indices.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.