Is there API based method to create an index pattern in Kibana if its index is present in ES

Question

I have an index in ES.I need to create an index-pattern of the same in .kibana using an API call.In this creation, I even want to set the column which is going to be the tim

Answer 1

You can do it, but you'll need to construct the whole structure by yourself. An index pattern definition looks like this:

PUT .kibana/doc/index-pattern:<some-uuid>
{
      "type": "index-pattern",
      "updated_at": "2018-01-27T07:12:05.373Z",
      "index-pattern": {
        "title": "test*",
        "timeFieldName": "@timestamp",
        "fields": """ ... """,
      }
}

• title is the name of your index pattern, the same one you'd input if you create the index pattern through the UI
• timeFieldName is the name of the timestamp field
• fields is a string containing a JSON array of all the field definitions in your index pattern (see below)

The fields definition looks like this:

[
  {
    "name": "@timestamp",
    "type": "date",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": true
  },
  {
    "name": "_id",
    "type": "string",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": false
  },
  {
    "name": "_index",
    "type": "string",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": false
  },
  {
    "name": "_score",
    "type": "number",
    "count": 0,
    "scripted": false,
    "searchable": false,
    "aggregatable": false,
    "readFromDocValues": false
  },
  {
    "name": "_source",
    "type": "_source",
    "count": 0,
    "scripted": false,
    "searchable": false,
    "aggregatable": false,
    "readFromDocValues": false
  },
  {
    "name": "_type",
    "type": "string",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": false
  },
  {
    "name": "referer",
    "type": "string",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": false,
    "readFromDocValues": false
  },
  ...
]

So you need to create this array for each of your fields, then stringify it and put the string inside the fields field.

Here is a sample document representing an index pattern:

 {
      "type": "index-pattern",
      "updated_at": "2018-01-27T07:12:05.373Z",
      "index-pattern": {
        "title": "test*",
        "timeFieldName": "@timestamp",
        "fields": """[{"name":"@timestamp","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"_id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_index","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_score","type":"number","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_source","type":"_source","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"referer","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"referer.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"status","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"url.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true}]"""
      }
    }