WARNING: Version 5.5 of Kibana has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
Elasticsearch supports the ability to run search and aggregation requests across multiple clusters using a module called cross cluster search.
In order to take advantage of cross cluster search, you must configure your Elasticsearch clusters accordingly. Review the corresponding Elasticsearch documentation before attempting to use cross cluster search in Kibana.
Starting in Kibana 6.3, you can specify multiple clusters to search as
a comma-separated list using the
notation. If you are running Kibana 6.2 or earlier, you cannot use a
comma-separated list that points to separate clusters.
Once your Elasticsearch clusters are configured for cross cluster search, you can create
specific index patterns in Kibana to search across the clusters of your choosing. Using the
same syntax that you’d use in a raw cross cluster search request in Elasticsearch, create your
index pattern in Kibana with the convention
Just like in raw search requests in Elasticsearch, you can use wildcards in your cluster names
to match any number of clusters, so if you wanted to search logstash indices across any
cluster_bar, and so on, you would use
as your index pattern in Kibana.
If you want to query across all Elasticsearch clusters that have been configured for cross
cluster search, then use a standalone wildcard for your cluster name in your Kibana index
Once an index pattern is configured using the cross cluster search syntax, all searches and aggregations using that index pattern in Kibana take advantage of cross cluster search.