Select pattern instead of an index

m_pahlevanzadeh · May 25, 2024, 9:02am

I store log automatically every day into opensearch with patern fortigate-logs%{+YYYY-MM-dd}
Now each day an index will be created for each day.
When I want to create correlation rule, I should choose an index, How can I tell opensearch select pattern instead of an index?

Mantas · May 27, 2024, 10:01am

Hi @m_pahlevanzadeh

Have you tried an index alias instead?

Here is more info at Index aliases - OpenSearch Documentation

Looking at Docs, you can specify index patterns as well: Creating correlation rules - OpenSearch Documentation

“Select index dropdown list, specify an index or index pattern…”

something like:

fortigate-logs*

Best,
mj

system · July 26, 2024, 10:02am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Change default index pattern with role // Discover feature Security configure	8	1160	February 28, 2023
Looking to create index pattern for viewing the logs on dashboard using the api General Feedback configure , index-management	2	2390	August 31, 2022
Index Selecting Alerting	5	1007	August 31, 2020
Not able to create index pattern using all_access role OpenSearch	1	463	December 4, 2023
Feedback: Experimental Feature - Security Analytics General Feedback	10	792	January 3, 2023

Select pattern instead of an index

Related topics