Cross cluster search with secured local and remote clusters


We’ve successfully connected our local cluster with the remote cluster and can do searches in the dev console. However, we can’t refresh the index pattern in Kibana (behind the hoods we see a 404 when trying this). This seems to also apply while creating the index pattern as Kibana claims this in step 2 in the UI:

Step 2 of 2: Configure settings
Specify settings for your \*:logs-\* index pattern.
The indices which match this index pattern don't contain any time fields.

The end result is that we can’t get the timestamp field, or any other field, set.

Our best guess is that we’re missing permissions or have something incorrectly configured but we have not managed to figure out what and thus reaching out in the hopes of someone being able to help us.

Please let me know which information I can provide to better help understand this issue.

Any insights into this are greatly appreciated.

I’m having the same issue. Note that if I create a “normal” index pattern and then I update the title field of the index pattern in the .kibana index to run cross-cluster searches it works. So it seems a Kibana issue. Not sure if it’s ODFE related.

I’m using ODFE 1.13

Interesting, so you’re editing the field directly in the .kibana index?

Also, you can read this thread: Cross cluster search with secured clusters - #7 by pablo

So, yes, it is ODFE related, and seems to be a regression from 1.12

Hi @alexz00

Thanks for the workaround. I’d say it’s ODFE issue. 1.13 is based on ELK 7.10.2. I had no issues with index pattern in ELK.

Fix is coming in 1.13.2!