https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-deploying.html#cluster-logging-visualizer-indices_cluster-logging-deploying When a cluster is first created, if Logging is one of the initial things installed/deployed, there is not yet anything that will generate app logs. Similarly, audit isn't enabled by default, and no audit logs will be generated. Until these logs are generated, no indices for apps or audit will exist. This makes creating index _patterns_ for them impossible. There is a note about audit logs that does not make this clear, but no such note exists for app logs.
*** Bug 1968577 has been marked as a duplicate of this bug. ***
Impacts supported OCP version, so updating to 4.8
https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-deploying.html#cluster-logging-visualizer-indices_cluster-logging-deploying "The audit logs are not stored in the internal OpenShift Container Platform Elasticsearch instance by default. To view the audit logs in Kibana, you must use the Log Forwarding API to configure a pipeline that uses the default output for audit logs. Elasticsearch documents must be indexed before you can create index patterns. This is done automatically, but it might take a few minutes in a new or updated cluster."