Unable to fetch result with SQL query

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Describe the issue: We have Opensearch configured by the organisation in which I see that the index in the logs is always named with a timestamp, something like <index-name>-2025.09.03-005174 and is mapped to the field _index in logs. There are multiple such indexes that get created, not sure of the algorithm on how its created but our logs are scattered across different such indexes.
To do a query in Dev Tool we do an api call to the index pattern of GET <index-name>*/_search.
But when trying to do a query using SQL it shows a Bad Request. I am trying something like:
select <field_name> from <index_name> but if I try with select <field-name> from <index-name>-2025.09.03-005174 I get a success response with the right table.
Is there any way to do a search using the * in index name

Configuration:

Relevant Logs or Screenshots:

Hi @SoumenduK ,

What version are you seeing this issue with? How many index’s at once are you trying to search?

Leeroy.

@SoumenduK what version of OS are you using?

I tested this on 2.19.2 and the below works as expected:

POST _plugins/_sql
{
  "query": "SELECT service FROM logs-*"
}

@Anthony I am using v2.9.0 of OpenSearch. Below is the error I get.

image1380×884 73.3 KB

Can you please surround the apim-kong-gateway-logs in ``

select event.request_http_parametr_apikey from `apim*`

This also gives an error but a different one. The error is as below

`apim*`: Service Unavailable, this query is not runnable.

@SoumenduK I’ve tested that solution in 2.9.0 and I had no issues

select audit_cluster_name from `security-auditlog-2025.09.2*`

image603×753 33.1 KB

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.