Problem creating index pattern from CURL

Hi everybody, I’m trying to write a script talking with opendistro and I need to write a curl in order to create an index pattern. I tried several solutions, but the one that seems to work gives me an index-pattern that is visible in the index-pattern list, but when I try to click on it, I can only see an empty page.

That’s the curl I run:

curl -X POST "https://$hostname:$port/.kibana/_doc/doc:index-pattern:$var" -u 'admin:admin' -k -H 'Content-Type: application/json' -d '
{"type" : "index-pattern","index-pattern" : {"title": "'"$var"'-*","timeFieldName": "timestamp"}}'

And that’s the equivalent that I run in dev tools:

> POST .kibana/_doc/index_pattern/
> {
>   "type" : "index-pattern",
>   "references" : [ ],
>   "migrationVersion" : {
>             "index-pattern" : "7.6.0"
>           },
>   "index-pattern" : {
>     "title": "index_with_automated_retention_7*",
>     "timeFieldName": "timestamp",
>     "fields":"[]"
>   }
> }

Can anybody help me fix this problem?
I need my index pattern to be editable.
Thx in advance.

Have you tried this: Header "securitytenant" not work properly for select tenant - #2 by oscark

Also, if you have multi-tenancy enabled, you probably don’t want to create the new index pattern in the .kibana-index but instead in the tenant-specific index.


Thx for answering my question! Figured out that something was wrong with the URI path I found online. For the ones who will look at this topic, I’m going to post the old wrong curl followed by the right one with the fix applied.

OLD CURL (WRONG):

curl -X POST "https://$hostname:$port/.kibana/_doc/doc:index-pattern:$var" -u 'admin:admin' -k -H 'Content-Type: application/json' -d '
{"type" : "index-pattern","index-pattern" : {"title": "'"$var"'-*","timeFieldName": "timestamp"}}'

NEW CURL (RIGHT):

curl -X POST "https://$hostname:$port/.kibana/_doc/index-pattern:$var" -u 'admin:admin' -k -H 'Content-Type: application/json' -d '
{"type" : "index-pattern","index-pattern" : {"title": "'"$var"'-*","timeFieldName": "timestamp"}}'

Essentially removed “doc:” from the uri.
Thx to everyone.
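
An added example, not part of the original thread: the working request wrapped in a script that validates the name before it is interpolated into the URL and the JSON body, verifies the server certificate instead of using `-k`, and keeps the credentials off the command line. The variable names `ES_HOST`, `ES_PORT`, `ES_USER`, `ES_PASS` and `ES_CACERT` and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). ES_HOST, ES_PORT, ES_USER, ES_PASS and
# ES_CACERT are assumed environment variables.

# Deliberately narrow allowlist: lowercase letters, digits, '_' and '-'.
# Anything else could alter the URL path or break out of the JSON string.
valid_name() {
  case "$1" in
    ''|*[!a-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Document ID that worked in the thread: "index-pattern:<name>", no "doc:" prefix.
doc_id() {
  valid_name "$1" || return 1
  printf 'index-pattern:%s' "$1"
}

# Same JSON body as in the thread, built only from a validated name.
doc_body() {
  valid_name "$1" || return 1
  printf '{"type":"index-pattern","index-pattern":{"title":"%s-*","timeFieldName":"timestamp"}}' "$1"
}

create_index_pattern() {
  id=$(doc_id "$1") || { echo "invalid name: $1" >&2; return 1; }
  body=$(doc_body "$1") || return 1
  # Credentials reach curl through stdin (--config -), so they do not appear in
  # the process list. Assumes the password has no double quote or backslash.
  # --cacert verifies the server certificate instead of disabling checks (-k).
  printf 'user = "%s:%s"\n' "$ES_USER" "$ES_PASS" |
    curl --config - --silent --show-error --fail \
      --cacert "$ES_CACERT" \
      -X POST "https://$ES_HOST:$ES_PORT/.kibana/_doc/$id" \
      -H 'Content-Type: application/json' \
      --data "$body"
}

# Usage, after exporting the ES_* variables:
#   create_index_pattern my_index
```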