Change Index value of Kibana Link (multiple indexes in Elastic Search)

logs
elasticsearch

#1

In Orchestrator 2016.1, when using the buttons on the Logs page to connect to Kibana, the URL linked passes a ‘log*’ as the index parameter (e.g. link for Today):

http://applogs-np.xxxxxxx.xxx//#/discover?_a=(columns:!(’@message’,level,processName,windowsIdentity),index:‘log*’,interval:auto,query:(query_string:(analyze_wildcard:!t,query:’*’)),sort:!(’@timestamp’,desc))&_g=(refreshInterval:(display:Off,section:0,value:0),time:(from:now%2Fd,mode:quick,to:now%2Fd))

In our instance of Elastic Search we have multiple business applications, each with their own log prefix. Is there a way to update the link to point to the correct Index? (In our case ‘rpaops-’)


#2

Also - the Column @Message does not contain data, so it should pick up Message instead.

Can this be made configurable, so we can see specific columns? Including any custom fields which we may add.


#3

@Teodor_Hoaghea @Eesh_Tyagi


#4

I know this is an old topic but I’m also looking for a similar solution.

Thanks