Enable use of date math in Monitor index names / patterns

[jSherz]

Is your feature request related to a problem? Please describe. I'd like to narrow the amount of data that is searched by our monitors by limiting them to only indexes created in the last few days. I use logstash and thus they're in the format logstash-YYYY.MM.DD.

With a search query, I can use the angle brackets and select indexes1 like today's <logstash-{now/d}> and yesterday's <logstash-{now-1d/d}>.

However if I try this in Kibana when creating a monitor, it won't accept the angle brackets.

One of your inputs contains invalid characters or spaces. Please omit: \ / ? " < > | ,

Describe the solution you'd like

As per the linked article.

Describe alternatives you've considered

I've considered programmatically updating the monitors every day to only contain today's index name.

Additional context

N/A

[celesteking]

More than that, replacing the chars according to ES docs doesn't gain any results despite error message in Monitor index being gone: %3Cmyindex-%7Bnow%2Fd%7BYYYY-MM-dd%7D%7D%3E

[celesteking]

Alright, so the issue is actually with kibana Alerting, not the ES side. If you disable the validations, it's able to save the <logstash-{now/d}> and process it just fine.

Here's what's needed on kibana side:

--- /usr/share/kibana/plugins/opendistro-alerting/public/utils/validate.js.orig 2020-04-06 15:56:05.043218805 -0500
+++ /usr/share/kibana/plugins/opendistro-alerting/public/utils/validate.js      2020-04-10 09:21:43.098676975 -0500
@@ -72,7 +72,7 @@
     return 'Must be a positive integer between 1-31';
 };
 
-export const ILLEGAL_CHARACTERS = ['\\', '/', '?', '"', '<', '>', '|', ',', ' '];
+export const ILLEGAL_CHARACTERS = ['\\', '?', '"', '|', ',', ' '];
 
 export const validateIndex = options => {
   if (!Array.isArray(options)) return 'Must specify an index';

[celesteking]

1 year to incorporate a simple change?