How to add automatically all the indices from elasticsearch to kibana?

Question

I am trying to list my elasticsearch indices into kibana for a visualization, so that I can use the data in my program.
Whenever I try to map the index in kibana, I manually input the name of the index. I have 20 + indices into elasticsearch and I do not prefer to index them manually.
I would like to know how I can make the mapping automatic? If any configuration or coding is require then how I can achieve to develop a plugin for my requirements. Kindly help me.

Here is the Kibana5 management console for indexed patterns:

As one can see only one index finale in the list. That I have done manually. But I have many indices, so need to make the process automatic. Kindly help me with suggestions.

Answer 1

Index pattern in kibana follow regex pattern. If you want to add all indexes in the use '*' in index_pattern. But then this will consider all the indices while you throw your queries on the ES from kibana, the result will be combined result of all the indices. You won't be able to do granular analysis on each indices.

There is a little workaround to do analysis on each analysis if you will define a _type filter for each visualization, then you would be able to do analysis on each index.

Again to go with this approach you must have a same timestamp field defined in all indices.

Again this is not the text_book solution but this saves you from writing plugin or tweaking the code.

Otherwise you have no option but to

Answer 2

You can use the Kibana HTTP API in a bash script like this:

for index in $(curl -s -XGET ${ES}/_cat/indices?h=i)
do
    if [[ ! ${index:0:1} = "." ]]; then
        echo $index
        curl -XPOST ${KIBANA}/api/saved_objects/index-pattern \
        -H "kbn-xsrf: toto" \
        -H 'Content-Type: application/json;charset=UTF-8' \
        --data-binary "{\"attributes\":{\"title\":\"${index}\",\"timeFieldName\":\"day\"}}"
  fi
done

• Read elasticsearch indices
• Loop and add

-> I have hardcoded timeFieldName here.