Index Selecting

#1

Is there any way to select all existing index and new index as well also. New Index is getting created every day. So we can’t modify alert configuration every day and select new index.

For Ex : Today i have created alert , so i have selected all index still today. Tomorrow new index will get create and i need to select it again in alert configuration. This we can’t do every day.

#2

Hello, I think if you use index pattern with asterisk (*) you can fix this problematic.

E.g : You made an alert on the index logstash-2019-03-27
Then tomorrow you will have logstash-2019-03-28
So the alert won’t work anymore.
To fix this issue, you can make your alert on the index logstash*, log*, logtsash-*
It will match the future indexes.

Is there any way to select all existing index and new index as well also. New Index is getting created every day. So we can’t modify alert configuration every day and select new index.

You can make an alert on the * index so you will have all indexes and new ones too.

Hope it helped.
Thi

#3

Hi,

It is not allowing me to use *.


#4

Have you checked the logs of elasticsearch? I think you have permissions issues.
When you type index pattern, you should press Enter so it selects it.

Thi

#6

Hi
Thanks it is working.