I am trying to setup my environment so that I can switch from using tribe nodes to use cross cluster search and running in to a few problems
After some useful feedback in this forum I have configured my system with kibana pointing to a coordinating node in **cluster_1** with cross cluster search configured so I can also search indices in **cluster_2** and **cluster_3**.
I can configure index patterns in Kibana to search for logs as follows:-
logstash-* returns all local logs in cluster_1 successfully cluster_2:logstash-* returns all logs in remote cluster_2 successfully cluster_3:logstash-* returns all logs in remote cluster_3 successfully \*:logstash-* returns all logs in remote cluster_2 and cluster_3 successfully
Question1. Is there a way to set up an index pattern to query all logs in all 3 clusters i.e. local and remote clusters ?
Question 2. Is there a way to search specific remote clusters ? I have tried the documented syntax of **cluster_2,cluster_3:logstash-*** and in Kibana 5.6.2 it does not work
> Is there a way to set up an index pattern to query all logs in all 3 clusters i.e. local and remote clusters
There's 2 options, that may (or may not) suit you.
1. `logstash-*,*:logstash-*` should do what you want. That will search locally and on all remote clusters. 2. You can set up a cross-cluster prefix that points to the local cluster. So you can define `cluster_1` with a seed of `localhost:9300` then `*:logstash-*` would search all 3 clusters. It would use the cross-cluster-search mechanism, but cross cluster search is fairly low overhead so that shouldn't cause a problem.
> I have tried the documented syntax of cluster_2,cluster_3:logstash-* and in Kibana 5.6.2 it does not work
Which document has that? As far as _Elasticsearch_ is concerned, that pattern is
- the index named "cluster_2" in the local cluster - the indices named "logstash-*" in the "cluster_3" cluster
It's possible that Kibana has some feature that handles it differently, but once it gets to Elasticsearch we split the names by comma and then treat each part independently.
Apache Lucene, Apache Solr and all other Apache Software Foundation project and their respective logos are trademarks of the Apache Software Foundation.
Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries. This site and Sematext Group is in no way affiliated with Elasticsearch BV.
Service operated by Sematext