2016-10-25 03:41:32 +02:00
|
|
|
|
[[managing-fields]]
|
2020-02-06 18:16:32 +01:00
|
|
|
|
== Index Patterns and Fields
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
2020-02-06 18:16:32 +01:00
|
|
|
|
The *Index patterns* UI helps you create and manage
|
|
|
|
|
|
the index patterns that retrieve your data from Elasticsearch.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
2020-02-06 18:16:32 +01:00
|
|
|
|
[role="screenshot"]
|
|
|
|
|
|
image::images/management-index-patterns.png[]
|
|
|
|
|
|
|
|
|
|
|
|
[float]
|
|
|
|
|
|
=== Create an index pattern
|
|
|
|
|
|
|
|
|
|
|
|
An index pattern is the glue that connects Kibana to your Elasticsearch data. Create an
|
|
|
|
|
|
index pattern whenever you load your own data into Kibana. To get started,
|
|
|
|
|
|
click *Create index pattern*, and then follow the guided steps. Refer to
|
|
|
|
|
|
<<index-patterns, Creating an index pattern>> for the types of index patterns
|
|
|
|
|
|
that you can create.
|
|
|
|
|
|
|
|
|
|
|
|
[float]
|
|
|
|
|
|
=== Manage your index pattern
|
|
|
|
|
|
|
|
|
|
|
|
To view the fields and associated data types in an index pattern, click its name in
|
|
|
|
|
|
the *Index patterns* overview.
|
|
|
|
|
|
|
|
|
|
|
|
[role="screenshot"]
|
|
|
|
|
|
image::management/index-patterns/images/new-index-pattern.png["Index files and data types"]
|
|
|
|
|
|
|
|
|
|
|
|
Use the icons in the upper right to perform the following actions:
|
|
|
|
|
|
|
|
|
|
|
|
* [[set-default-pattern]]*Set the default index pattern.* {kib} uses a badge to make users
|
|
|
|
|
|
aware of which index pattern is the default. The first pattern
|
|
|
|
|
|
you create is automatically designated as the default pattern. The default
|
|
|
|
|
|
index pattern is loaded when you open *Discover*.
|
|
|
|
|
|
|
|
|
|
|
|
* *Refresh the index fields list.* You can refresh the index fields list to
|
|
|
|
|
|
pick up any newly-added fields. Doing so also resets Kibana’s popularity counters
|
|
|
|
|
|
for the fields. The popularity counters are used in *Discover* to sort fields in lists.
|
|
|
|
|
|
|
|
|
|
|
|
* [[delete-pattern]]*Delete the index pattern.* This action removes the pattern from the list of
|
|
|
|
|
|
Saved Objects in {kib}. You will not be able to recover field formatters,
|
|
|
|
|
|
scripted fields, source filters, and field popularity data associated with the index pattern.
|
|
|
|
|
|
Deleting an index pattern does
|
|
|
|
|
|
not remove any indices or data documents from {es}.
|
|
|
|
|
|
+
|
|
|
|
|
|
WARNING: Deleting an index pattern breaks all visualizations, saved searches, and
|
|
|
|
|
|
other saved objects that reference the pattern.
|
|
|
|
|
|
|
|
|
|
|
|
[float]
|
|
|
|
|
|
=== Edit a field
|
|
|
|
|
|
|
|
|
|
|
|
To edit a field's properties, click the edit icon
|
|
|
|
|
|
image:management/index-patterns/images/edit_icon.png[] in the detail view.
|
|
|
|
|
|
You can set the field's format and popularity value.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
|
|
|
|
|
Kibana has field formatters for the following field types:
|
|
|
|
|
|
|
|
|
|
|
|
* <<field-formatters-string, Strings>>
|
|
|
|
|
|
* <<field-formatters-date, Dates>>
|
|
|
|
|
|
* <<field-formatters-geopoint, Geopoints>>
|
|
|
|
|
|
* <<field-formatters-numeric, Numbers>>
|
|
|
|
|
|
|
|
|
|
|
|
[[field-formatters-string]]
|
|
|
|
|
|
=== String Field Formatters
|
|
|
|
|
|
|
|
|
|
|
|
String fields support the `String` and `Url` formatters.
|
|
|
|
|
|
|
|
|
|
|
|
include::field-formatters/string-formatter.asciidoc[]
|
|
|
|
|
|
|
|
|
|
|
|
include::field-formatters/url-formatter.asciidoc[]
|
|
|
|
|
|
|
|
|
|
|
|
[[field-formatters-date]]
|
|
|
|
|
|
=== Date Field Formatters
|
|
|
|
|
|
|
|
|
|
|
|
Date fields support the `Date`, `Url`, and `String` formatters.
|
|
|
|
|
|
|
2019-11-20 20:08:27 +01:00
|
|
|
|
The `Date` formatter enables you to choose the display format of date stamps using the https://momentjs.com/[moment.js]
|
2016-10-25 03:41:32 +02:00
|
|
|
|
standard format definitions.
|
|
|
|
|
|
|
|
|
|
|
|
include::field-formatters/string-formatter.asciidoc[]
|
|
|
|
|
|
|
|
|
|
|
|
include::field-formatters/url-formatter.asciidoc[]
|
|
|
|
|
|
|
|
|
|
|
|
[[field-formatters-geopoint]]
|
|
|
|
|
|
=== Geographic Point Field Formatters
|
|
|
|
|
|
|
|
|
|
|
|
Geographic point fields support the `String` formatter.
|
|
|
|
|
|
|
|
|
|
|
|
include::field-formatters/string-formatter.asciidoc[]
|
|
|
|
|
|
|
|
|
|
|
|
[[field-formatters-numeric]]
|
|
|
|
|
|
=== Numeric Field Formatters
|
|
|
|
|
|
|
|
|
|
|
|
Numeric fields support the `Url`, `Bytes`, `Duration`, `Number`, `Percentage`, `String`, and `Color` formatters.
|
|
|
|
|
|
|
2020-02-26 20:17:59 +01:00
|
|
|
|
The `Bytes`, `Number`, and `Percentage` formatters enable you to choose the display formats of numbers in this field using
|
|
|
|
|
|
the <<numeral, Elastic numeral pattern>> syntax that Kibana maintains.
|
|
|
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
|
include::field-formatters/url-formatter.asciidoc[]
|
|
|
|
|
|
|
|
|
|
|
|
include::field-formatters/string-formatter.asciidoc[]
|
|
|
|
|
|
|
|
|
|
|
|
include::field-formatters/duration-formatter.asciidoc[]
|
|
|
|
|
|
|
|
|
|
|
|
include::field-formatters/color-formatter.asciidoc[]
|
|
|
|
|
|
|
|
|
|
|
|
[[scripted-fields]]
|
|
|
|
|
|
=== Scripted Fields
|
|
|
|
|
|
|
|
|
|
|
|
Scripted fields compute data on the fly from the data in your Elasticsearch indices. Scripted field data is shown on
|
|
|
|
|
|
the Discover tab as part of the document data, and you can use scripted fields in your visualizations.
|
2018-11-01 14:13:37 +01:00
|
|
|
|
Scripted field values are computed at query time so they aren't indexed and cannot be searched using Kibana's default
|
2019-11-20 20:08:27 +01:00
|
|
|
|
query language. However they can be queried using Kibana's new <<kuery-query, experimental query language>>. Scripted
|
2018-11-01 14:13:37 +01:00
|
|
|
|
fields are also supported in the filter bar.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
|
|
|
|
|
WARNING: Computing data on the fly with scripted fields can be very resource intensive and can have a direct impact on
|
|
|
|
|
|
Kibana's performance. Keep in mind that there's no built-in validation of a scripted field. If your scripts are
|
|
|
|
|
|
buggy, you'll get exceptions whenever you try to view the dynamically generated data.
|
|
|
|
|
|
|
2017-06-27 19:13:42 +02:00
|
|
|
|
When you define a scripted field in Kibana, you have a choice of scripting languages. Starting with 5.0, the default
|
|
|
|
|
|
options are {ref}/modules-scripting-expression.html[Lucene expressions] and {ref}/modules-scripting-painless.html[Painless].
|
|
|
|
|
|
While you can use other scripting languages if you enable dynamic scripting for them in Elasticsearch, this is not recommended
|
|
|
|
|
|
because they cannot be sufficiently {ref}/modules-scripting-security.html[sandboxed].
|
2017-01-13 16:54:06 +01:00
|
|
|
|
|
2018-06-27 05:17:41 +02:00
|
|
|
|
WARNING: Use of Groovy, JavaScript, and Python scripting is deprecated starting in Elasticsearch 5.0, and support for those
|
2017-06-27 19:13:42 +02:00
|
|
|
|
scripting languages will be removed in the future.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
|
|
|
|
|
You can reference any single value numeric field in your expressions, for example:
|
|
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
|
doc['field_name'].value
|
|
|
|
|
|
----
|
|
|
|
|
|
|
2017-06-27 19:13:42 +02:00
|
|
|
|
For more background on scripted fields and additional examples, refer to this blog:
|
2017-01-13 16:54:06 +01:00
|
|
|
|
https://www.elastic.co/blog/using-painless-kibana-scripted-fields[Using Painless in Kibana scripted fields]
|
|
|
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
|
[float]
|
|
|
|
|
|
[[create-scripted-field]]
|
|
|
|
|
|
=== Creating a Scripted Field
|
|
|
|
|
|
To create a scripted field:
|
|
|
|
|
|
|
2019-01-09 21:18:53 +01:00
|
|
|
|
. Go to *Management > Kibana > Index Patterns*
|
2016-10-25 03:41:32 +02:00
|
|
|
|
. Select the index pattern you want to add a scripted field to.
|
2019-01-09 21:18:53 +01:00
|
|
|
|
. Go to the pattern's *Scripted fields* tab.
|
|
|
|
|
|
. Click *Add scripted field*.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
. Enter a name for the scripted field.
|
|
|
|
|
|
. Enter the expression that you want to use to compute a value on the fly from your index data.
|
2019-01-09 21:18:53 +01:00
|
|
|
|
. Click *Create field*.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
|
|
|
|
|
For more information about scripted fields in Elasticsearch, see
|
2017-06-27 19:13:42 +02:00
|
|
|
|
{ref}/modules-scripting.html[Scripting].
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
|
|
|
|
|
[float]
|
|
|
|
|
|
[[update-scripted-field]]
|
|
|
|
|
|
=== Updating a Scripted Field
|
|
|
|
|
|
To modify a scripted field:
|
|
|
|
|
|
|
2019-01-09 21:18:53 +01:00
|
|
|
|
. Go to *Management > Kibana > Index Patterns*
|
|
|
|
|
|
. Click the index pattern's *Scripted fields* tab.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
. Click the *Edit* button for the scripted field you want to change.
|
2019-01-09 21:18:53 +01:00
|
|
|
|
. Make your changes and then click *Save field* to update the field.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
|
|
|
|
|
WARNING: Keep in mind that there's no built-in validation of a scripted field. If your scripts are buggy, you'll get
|
|
|
|
|
|
exceptions whenever you try to view the dynamically generated data.
|
|
|
|
|
|
|
|
|
|
|
|
[float]
|
|
|
|
|
|
[[delete-scripted-field]]
|
|
|
|
|
|
=== Deleting a Scripted Field
|
|
|
|
|
|
To delete a scripted field:
|
|
|
|
|
|
|
2019-01-09 21:18:53 +01:00
|
|
|
|
. Go to *Management > Kibana > Index Patterns*
|
|
|
|
|
|
. Click the index pattern's *Scripted fields* tab.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
. Click the *Delete* button for the scripted field you want to remove.
|
2019-01-09 21:18:53 +01:00
|
|
|
|
. Click *Delete* in the confirmation window.
|
