Bug 1968576

Summary: Logging documentation suggests creating index patterns for indices that don't exist in empty cluster
Product: OpenShift Container Platform
Reporter: Erik M Jacobs <ejacobs>
Component: Documentation
Assignee: landerso
Status: CLOSED NOTABUG
QA Contact: Xiaoli Tian <xtian>
Severity: unspecified
Docs Contact: Claire Bremble <cbremble>
Priority: unspecified
Version: 4.8
Last Closed: 2022-10-24 14:50:57 UTC
Type: Bug

Description Erik M Jacobs 2021-06-07 15:20:48 UTC
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-deploying.html#cluster-logging-visualizer-indices_cluster-logging-deploying

When a cluster is first created, if Logging is one of the initial things installed/deployed, there is not yet anything that will generate app logs. Similarly, audit isn't enabled by default, and no audit logs will be generated.

Until these logs are generated, no indices for apps or audit will exist.

This makes creating index _patterns_ for them impossible.

There is a note about audit logs that does not make this clear, but no such note exists for app logs.

Comment 1 Petr Kovar 2021-11-01 14:02:50 UTC
*** Bug 1968577 has been marked as a duplicate of this bug. ***

Comment 6 Claire Bremble 2022-09-15 18:14:05 UTC
Impacts supported OCP version, so updating to 4.8

Comment 7 landerso 2022-10-24 14:50:57 UTC
https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-deploying.html#cluster-logging-visualizer-indices_cluster-logging-deploying 

"The audit logs are not stored in the internal OpenShift Container Platform Elasticsearch instance by default. To view the audit logs in Kibana, you must use the Log Forwarding API to configure a pipeline that uses the default output for audit logs.

Elasticsearch documents must be indexed before you can create index patterns. This is done automatically, but it might take a few minutes in a new or updated cluster."
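
Added example (not part of the bug report or the OpenShift documentation): a shell check that reads a two-column `index docs.count` listing and reports which log types have indexed documents, and so can have an index pattern created. The `app-`, `infra-` and `audit-` index prefixes, the input format and the sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# Which Kibana index patterns can be created yet?
# Assumed input: one "index docs.count" pair per line, as returned by the
# Elasticsearch query _cat/indices?h=index,docs.count (in an OpenShift
# Logging cluster this is typically run through es_util inside an
# elasticsearch pod; that invocation is an assumption, not from this page).

# Constructed sample: a fresh cluster where only infrastructure logs exist.
SAMPLE_INDICES='infra-000001 48213
.kibana_1 3
.security 6'

# pattern_ready PREFIX   (index listing on stdin)
# Prints the total document count across indices named PREFIX-*.
# Returns 0 only when at least one such index holds documents.
pattern_ready() {
    awk -v p="$1-" '
        index($1, p) == 1 { found = 1; docs += $2 }
        END { print docs + 0; exit (found && docs > 0) ? 0 : 1 }
    '
}

# report   (index listing on stdin)
# Prints one status line per log type: app, infra, audit.
report() {
    list=$(cat)
    for t in app infra audit; do
        if n=$(printf '%s\n' "$list" | pattern_ready "$t"); then
            echo "$t: ready ($n documents)"
        else
            echo "$t: not ready, no indexed documents yet"
        fi
    done
}

# Run the report over the constructed sample above.
report_sample() { printf '%s\n' "$SAMPLE_INDICES" | report; }
```

An `audit: not ready` line that persists on a running cluster matches the quoted note: audit logs reach the internal Elasticsearch instance only after a Log Forwarding pipeline sends them to the default output.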