[Reporting] change how the .kibana-reporting
datastream is created
#211658
Labels
Feature:Reporting:Framework
Reporting issues pertaining to the overall framework
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
We currently have some SDHs that are being caused by the
.kibana-reporting
index not being created by ES, because of the ES config settingstack.templates.enabled: false
.KB article: https://support.elastic.dev/knowledge/view/42d36e7e
Seems like we should change this to create the datastream ourself. We have lots of experience now, between the event log and alerts indices, for creation/updating. This would mean reporting wouldn't be sensitive to the ES config setting.
If we start seeing more of these issues, and need something delivered sooner, we could probably at least make the issue more obvious:
The "add something" means check to see if the index is in the shape we need (a datastream, not an index, the mappings are right, etc), and then be able to inform the user.
We could probably check at startup as well.
Since a customer could presumably fix this without rebooting Kibana, it doesn't feel like we'd want to do something like check at startup and disable reporting completely. But making it noisy seems good.
The text was updated successfully, but these errors were encountered: