We’ve successfully connected our local cluster with the remote cluster and can do searches in the dev console. However, we can’t refresh the index pattern in Kibana (behind the hoods we see a 404 when trying this). This seems to also apply while creating the index pattern as Kibana claims this in step 2 in the UI:
Step 2 of 2: Configure settings
Specify settings for your \*:logs-\* index pattern.
The indices which match this index pattern don't contain any time fields.
The end result is that we can’t get the timestamp field, or any other field, set.
Our best guess is that we’re missing permissions or have something incorrectly configured but we have not managed to figure out what and thus reaching out in the hopes of someone being able to help us.
Please let me know which information I can provide to better help understand this issue.
Thank you so much for investigating this, what would be the next step?
Also, in Elastic 7.11 this flow is changing as the cached mapping is removed. Is this something that potentially might make it into a future OpenDistro release? Or do I need to file a bug and/or feature request somewhere?
And, after some more testing: If the index pattern is created from code and you do supply a field mapping for the ‘@timestamp’ field then you don’t have to refresh it from Kibana.
I guess you should not rely on the automatic mapping anyways but it has been more convenient. So, instead of patching the Kibana index directly and updating the title you can also do something like this: