[11:57:59] hello! I'd like to update/make a logstash dashboard that uses the ECS index [11:58:10] I see other dashboards that do this, but i can't find any settings that choose the ECS index [11:58:17] any tips on how to do this? [12:02:28] ottomata: hi! what I've done in the past is assemble the dashboard from visualizations that use ecs, some of them have "ecs" explicit in the name, searching "ecs" in https://logstash.wikimedia.org/app/visualize will give you a list [12:02:57] like, you just save as and then edit? [12:04:18] the visualization or the dashboard ? my understanding is that dashboards are essentially a container of visualizations, and the index pattern to perform queries is in the individual visualization rather than the dashboard [12:05:28] oh my, and i just realised that cloning the dashboard and editing the viz....edits the viz in the og dash [12:05:28] eek [12:05:37] okay i think i see [12:05:38] cool [12:05:55] so i really need to make a new dash and a new viz [12:05:56] for each [12:06:30] unless there are visualizations you can reuse [12:06:48] this is a options drop down that allow you to select k8s cluster and namespace to get logs from [12:09:17] got it, in that case it might make sense to add (rather than replace) ecs-* to the existing visualization and keep one? [12:09:24] keep one visualization [12:10:37] yeah i think thats right [12:10:39] okay cool [12:36:56] ok got it [12:36:57] https://logstash.wikimedia.org/app/dashboards#/view/f3fefa60-f95a-11ed-aacf-e115c4d3fd2c?_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!t%2Cvalue%3A0)%2Ctime%3A(from%3Anow-24h%2Cto%3Anow)) [16:28:58] fwiw, got it! https://logstash.wikimedia.org/app/dashboards#/view/f3fefa60-f95a-11ed-aacf-e115c4d3fd2c?_g=(filters%3A!()%2CrefreshInterval%3A(pause%3A!t%2Cvalue%3A0)%2Ctime%3A(from%3Anow-24h%2Cto%3Anow))