Hi Guys,
Wondering what is the difference between creating index pattern :logstash- and logstash-* other than index names starting with any:logstatsh?
I mean not sure if there is any other significance?
Where have you seen the first pattern? I've never seen that before.
However patterns are (mostly) literal, so unless you have an index called somethinghere:logstash-DATE, then it won't be of any use.
I see so it does not make any sense and I need to add it as logstash-* ?
Right?
Yep, that is all you need to do.
The first pantern is required if you want to use Kibana with cross-cluster search. The second pattern assumes you are querying just a single cluster.
Oh, that I did not know!
Ah that is right!! That could be the case since the logstash files I am
referring to has multiple elastichosts..
Thanks a ton 
Multiple hosts can still be a single cluster, and does not necessarily imply the use of cross-cluster search.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.