Creating index patterns on Kibana

Last Updated: Oct 26, 2022

About this task

An index pattern identifies one or more OpenSearch indexes to explore with the Kibana logging service. Kibana (OpenSearch dashboard) searches for index names that match the specified pattern. An asterisk (*) in the pattern matches zero or more characters. Index patterns enable you to interactively explore and visualize data on Kibana.

Before you begin

  • Perform a full backup of Common Services and application data.

  • Ensure sufficient disk space is available to store the indexes.

  • Ensure that the status of all indexes is displayed as green.

  • Access the Kibana URL to ensure the web page is functional.

  • Create the Kibana user and credentials for logging in to the dashboard.

    ccm release common-services createKibanaUser -u <username> -r READ-WRITE

Procedure

  1. Log in to Kibana using the URL https://<cluster-FQDN>/logging.
  2. From the menu, click Stack Management.
  3. Click Index Patterns.

    The index patterns are not created by default. You must create the index patterns.

  4. Click Create Index Pattern.
  5. Specify the index pattern in the following format:

    fluent-<yyyy.mm>.*, where yyyy is the year and mm is the month of the index pattern creation.

    For example: fluent-2020.06.*

    Important:

    Do not create generic index patterns like fluent-* and trace-*.

    Tip:

    To filter the logs for k8saudit, trace, and ausec, you can create index patterns in the following formats:

    fluent-k8saudit-<yyyy.mm>.*

    trace-<yyyy.mm>.*

    ausec-<yyyy.mm>.*

    For example:

    fluent-k8saudit-2020.06.*

    trace-2020.06.*

    ausec-2020.06.*

  6. Click Next step.
  7. From the Time Filter field name drop-down, select @timestamp.
  8. Click Create Index Pattern.

    Kibana creates an index pattern.

  9. From the menu, click Discover.

    Kibana displays all logs for the selected index pattern.
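
The following Python sketch is an added example, not part of the product documentation. It builds the month-scoped patterns from step 5, flags generic ones such as fluent-*, and previews which indexes each pattern selects using the asterisk rule described above. The sample index names and their daily suffix are constructed assumptions, and the helper names are hypothetical.

```python
import re
from datetime import date

# Prefixes taken from the page: application logs plus the three filtered streams.
PREFIXES = ("fluent", "fluent-k8saudit", "trace", "ausec")

def month_pattern(prefix, when):
    """Build <prefix>-<yyyy.mm>.* for the month of `when`."""
    return f"{prefix}-{when:%Y.%m}.*"

def is_month_scoped(pattern):
    """True only for patterns of the form <known prefix>-<yyyy.mm>.*"""
    m = re.fullmatch(r"(.+)-(\d{4})\.(\d{2})\.\*", pattern)
    return bool(m) and m.group(1) in PREFIXES and 1 <= int(m.group(3)) <= 12

def matches(pattern, index_name):
    """Apply the wildcard rule from the page: * matches zero or more characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, index_name) is not None

def preview(pattern, index_names):
    """Return the index names a pattern would select."""
    return [name for name in index_names if matches(pattern, name)]

# Constructed index names; the daily suffix is an assumption for illustration.
SAMPLE_INDEXES = [
    "fluent-2020.05.31",
    "fluent-2020.06.01",
    "fluent-2020.06.15",
    "fluent-k8saudit-2020.06.15",
    "trace-2020.06.15",
    "ausec-2020.06.15",
]

if __name__ == "__main__":
    june = date(2020, 6, 1)
    candidates = [month_pattern(p, june) for p in PREFIXES] + ["fluent-*", "trace-*"]
    for candidate in candidates:
        verdict = "ok" if is_month_scoped(candidate) else "too generic"
        print(f"{candidate:28} {verdict:12} {preview(candidate, SAMPLE_INDEXES)}")
```

With these sample names, fluent-* also selects the fluent-k8saudit index and the previous month's index, while fluent-2020.06.* selects only the June application-log indexes.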