Default to Use event times to create index names for time based index patterns

[ppf2]

The documentation (https://www.elastic.co/guide/en/kibana/current/settings.html#settings-create-pattern) talks about how by default, Kibana guesses that the user is working with log data fed into ES by LS (btw, there's a duplicate "you're" below).

Go to the Settings > Indices tab.
Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana guesses that you’re you’re working with log data being fed into Elasticsearch by Logstash.

Then it talks about the Use event times to create index names option that is applicable if using LS to feed data into ES.

If new indices are generated periodically and have a timestamp appended to the name, select the Use event times to create index names option and select the Index pattern interval. This enables Kibana to search only those indices that could possibly contain data in the time range you specify. This is primarily applicable if you are using Logstash to feed data into Elasticsearch.

The Use event times to create index names is actually quite important. Otherwise, K4 queries will always perform a search against all logstash-* indices regardless of the time range specified.

It is possible to default (auto-check) to Use event times to create index names when Index contains time-based events is checked so that Logstash users will not forget to select Use event times to create index names at index pattern creation time? Or provide some kind of warning? Otherwise, once the index pattern is created, they can't change it, and will have to create a new index pattern with this option checked (which means that they will also have to go back and manually fix every existing visualization in Kibana 4 to map to the new index pattern: #2480).

[rashidkpc]

We're deprecating timestamped indices in favor of the _field_stats API. See here: #4342