8.2. Defining Kibana index patterns
An index pattern defines the Elasticsearch indices that you want to visualize. To explore and visualize data in Kibana, you must create an index pattern.
Prerequisites
A user must have the
cluster-adminrole, thecluster-readerrole, or both roles to view the infra and audit indices in Kibana. The defaultkubeadminuser has proper permissions to view these indices.If you can view the pods and logs in the
default,kube-andopenshift-projects, you should be able to access these indices. You can use the following command to check if the current user has appropriate permissions:$ oc auth can-i get pods/log -n <project>
Example output
yes
注意The audit logs are not stored in the internal OpenShift Container Platform Elasticsearch instance by default. To view the audit logs in Kibana, you must use the Log Forwarding API to configure a pipeline that uses the
defaultoutput for audit logs.- Elasticsearch documents must be indexed before you can create index patterns. This is done automatically, but it might take a few minutes in a new or updated cluster.
Procedure
To define index patterns and create visualizations in Kibana:
-
In the OpenShift Container Platform console, click the Application Launcher
and select Logging.
Create your Kibana index patterns by clicking Management
Index Patterns Create index pattern: -
Each user must manually create index patterns when logging into Kibana the first time in order to see logs for their projects. Users must create an index pattern named
appand use the@timestamptime field to view their container logs. -
Each admin user must create index patterns when logged into Kibana the first time for the
app,infra, andauditindices using the@timestamptime field.
-
Each user must manually create index patterns when logging into Kibana the first time in order to see logs for their projects. Users must create an index pattern named
- Create Kibana Visualizations from the new index patterns.
