How do I create an index pattern in OpenSearch using the API?

Question

I want to create an index pattern using the Opensearch API. The issue I'm having is with the message body type. I'm getting the following message when running my script

I'm running opensearch 1.3

Invoke-RestMethod: {"statusCode":400,"error":"Bad Request","message":"[request body.attributes]: expected value of type [object] but got [undefined]"}

$baseuri = "https://<clusterendpoint>.<region>.es.amazonaws.com"

#obtain auth cookie
$authbody  = @"
{"username":"$apiUserName", "password":"$apiPassword"}
"@
$authUri = "$baseuri/_dashboards/auth/login"
Invoke-RestMethod -Method Post -Uri $authUri -Headers @{"osd-xsrf"="true"} -ContentType "application/json" -Body $authbody -SessionVariable S1

#### create index pattern
$indexid = "indexname"
$body=@"
{
    "index_pattern": {
        "title": "indexname-*",
        "timeFieldName": "@timestamp"
    }
}
"@
$uri = "$baseuri/_dashboards/api/saved_objects/index-pattern/$indexid"

Invoke-RestMethod -Method Post -Uri $uri -Headers @{"osd-xsrf"="true"} -ContentType "application/json" -WebSession $S1 -Body $body -Verbose

I've attempted various ways of defining an object with no luck. when I run the invoke with ($body | convertfrom-json) I get a different error message.

Invoke-RestMethod: {"statusCode":400,"error":"Bad Request","message":"[request body]: expected a plain object value, but found [null] instead."}

UPDATE: I did originally attempt to use the create index pattern API for elastic, but this results in a new index being created, not an opensearch index_pattern.

$body=@{
    "index_pattern"= @{
        "title"= "ai-summary"
    }
}

$uri = "$baseuri/api/index_patterns/$indexid"

Invoke-RestMethod -Method Post -Uri $uri -Headers @{"osd-xsrf"="true"} -ContentType "application/json" -WebSession $S1 -Body ($body | ConvertTo-Json) -Verbose -Credential $credObject

Answer 1

I believe that the issue is that when using the saved_objects endpoint you need to use "attributes" in your POST data instead of "index_pattern". (Note your error message, "[request body.attributes]: expected value of type [object] but got [undefined]".) So your body would be:

{
    "attributes": {
        "title": "indexname-*",
        "timeFieldName": "@timestamp"
    }
}

I'm unfamiliar with the language you're using, but something like the following shell script works for me (under OpenSearch 2.5, but I believe it will also work with OpenSearch 1.3).

#! /bin/bash

ESHOST=my-host
ID=my-index-pattern-id
PATTERN='my-indexname*'
TIMESTAMP=timestamp

curl "https://$ESHOST/_dashboards/api/saved_objects/index-pattern/$ID" \
  -H 'osd-xsrf: true' \
  -H 'Content-Type: application/json' \
  --data-binary @- \
<<EOF
{
  "attributes": {
    "title": "$PATTERN",
    "timeFieldName": "$TIMESTAMP"
  }
}
EOF

As you noted, OpenSearch does not seem to support Kibana's index_patterns API. (Or at least I also could not get it to work.) I'm also not sure that the saved_objects endpoint does everything that the index_patterns API would. At least when I use OpenSearch Dashboards to visit the index pattern I created it updates the index pattern with the index's fields.