2016-10-25 03:41:32 +02:00
|
|
|
|
[[tutorial-define-index]]
|
2019-07-25 22:46:23 +02:00
|
|
|
|
=== Define your index patterns
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
2018-05-14 22:54:23 +02:00
|
|
|
|
Index patterns tell Kibana which Elasticsearch indices you want to explore.
|
|
|
|
|
An index pattern can match the name of a single index, or include a wildcard
|
2019-07-25 22:46:23 +02:00
|
|
|
|
(*) to match multiple indices.
|
2018-05-14 22:54:23 +02:00
|
|
|
|
|
|
|
|
|
For example, Logstash typically creates a
|
|
|
|
|
series of indices in the format `logstash-YYYY.MMM.DD`. To explore all
|
|
|
|
|
of the log data from May 2018, you could specify the index pattern
|
|
|
|
|
`logstash-2018.05*`.
|
|
|
|
|
|
2019-07-25 22:46:23 +02:00
|
|
|
|
|
|
|
|
|
[float]
|
|
|
|
|
==== Create your first index pattern
|
|
|
|
|
|
|
|
|
|
First you'll create index patterns for the Shakespeare data set, which has an
|
2018-05-14 22:54:23 +02:00
|
|
|
|
index named `shakespeare,` and the accounts data set, which has an index named
|
2019-07-25 22:46:23 +02:00
|
|
|
|
`bank`. These data sets don't contain time series data.
|
2018-05-14 22:54:23 +02:00
|
|
|
|
|
2020-06-12 16:39:36 +02:00
|
|
|
|
. Open the menu, then go to *Stack Management > {kib} > Index Patterns*.
|
|
|
|
|
. If this is your first index pattern, the *Create index pattern* page opens.
|
2019-07-25 22:46:23 +02:00
|
|
|
|
Otherwise, click *Create index pattern*.
|
2020-06-12 16:39:36 +02:00
|
|
|
|
. In the *Index pattern field*, enter `shakes*`.
|
2018-05-14 22:54:23 +02:00
|
|
|
|
+
|
|
|
|
|
[role="screenshot"]
|
|
|
|
|
image::images/tutorial-pattern-1.png[]
|
|
|
|
|
|
|
|
|
|
. Click *Next step*.
|
2020-06-12 16:39:36 +02:00
|
|
|
|
. Select the *Time Filter field name*, then click *Create index pattern*.
|
2019-07-25 22:46:23 +02:00
|
|
|
|
+
|
|
|
|
|
You’re presented a table of all fields and associated data types in the index.
|
|
|
|
|
|
2020-06-12 16:39:36 +02:00
|
|
|
|
. Return to the *Index patterns* page and create a second index pattern named `ba*`.
|
2019-07-25 22:46:23 +02:00
|
|
|
|
|
|
|
|
|
[float]
|
2020-06-12 16:39:36 +02:00
|
|
|
|
==== Create an index pattern for the time series data
|
2018-05-14 22:54:23 +02:00
|
|
|
|
|
2020-06-12 16:39:36 +02:00
|
|
|
|
Create an index pattern for the Logstash index, which
|
|
|
|
|
contains the time series data.
|
2018-05-14 22:54:23 +02:00
|
|
|
|
|
2019-06-28 01:34:26 +02:00
|
|
|
|
. Define an index pattern named `logstash*`.
|
2018-05-14 22:54:23 +02:00
|
|
|
|
. Click *Next step*.
|
2020-06-12 16:39:36 +02:00
|
|
|
|
. From the *Time Filter field name* dropdown, select *@timestamp*.
|
2018-05-14 22:54:23 +02:00
|
|
|
|
. Click *Create index pattern*.
|
|
|
|
|
|
|
|
|
|
NOTE: When you define an index pattern, the indices that match that pattern must
|
|
|
|
|
exist in Elasticsearch and they must contain data. To check which indices are
|
2020-06-12 16:39:36 +02:00
|
|
|
|
available, open the menu, then go to *Dev Tools > Console* and enter `GET _cat/indices`. Alternately, use
|
2018-05-14 22:54:23 +02:00
|
|
|
|
`curl -XGET "http://localhost:9200/_cat/indices"`.
|
|
|
|
|
|
2019-07-25 22:46:23 +02:00
|
|
|
|
|
|
|
|
|
|