maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge branch 'master' of github.com:elasticsearch/kibana4

Browse source
This commit is contained in:
Rashid Khan 2014-09-18 14:39:36 -07:00
parent 2709eb19ed f8066373c7
commit f3eb7cc51c
3 changed files with 27 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
docs/dashboard.md
View file

@ -8,15 +8,13 @@ Using the dashboard requires that you have at least one [saved visualization](#v
### Creating a New Dashboard
The first time you open the Dashboard, it will be ready for you to build a new dashboard. However, once you build or load a dashboard, it will default to loading that and you will have to specifically create a new one.
You can create a new dashboard by clicking the left-most icon in the toolbar panel. This will clear the content of the existing dashboard (if any) and allow you to start building a new dashboard from scratch.
The first time you open the Dashboard, it will be ready for you to build a new dashboard. You can create a new dashboard by clicking the left-most icon in the toolbar panel.
### Adding Visualizations To a Dashboard
To add a visualization to the dashboard, click the plus button in the toolbar panel and a menu with all of your saved visualizations will appear.
From the menu, click on the visualization you want to include in your dashboard. If you have a lot of saved visualizations, you can use the *Visualization Filter* at the top of the list to find the visualization you want to use.
From the menu, click on the visualization you want to include in your dashboard. If you have more then 5 saved visualizations, you will need to use the *Visualization Filter* at the top of the list to find the visualization your looking for.
Once you've clicked on the visualization, you will see it appear in a *container* in the dashboard below.
@ -24,13 +22,11 @@ Once you've clicked on the visualization, you will see it appear in a *container
### Saving Dashboards
Once you have built a dashboard, you will most likely want to save it for loading and sharing later. To do this, click on the save button in the toolbar panel.
Clicking the save icon will shwo you a menu below the toolbar panel where you can enter a name for your dashboard. After giving it a name, click the *Save* button.
Click on the save button in the toolbar panel to save the dashboard to Elasticsearch. Clicking the save icon will show you a menu below the toolbar panel where you can enter a name for your dashboard. After giving it a name, click the *Save* button.
### Loading a Saved Dashboard
To load an existing dashboard, other than the one that you currently have open, click on the *Open* icon in the toolbar menu. This will present you with a list of existing dashboard you can load. If you have a lot of dashboards, you can use the filter input at the top to search for the dashboard you want to load.
To load an existing dashboard, click on the *Open* icon in the toolbar menu. This will present you with a list of existing dashboard you can load. If you have more then 5 dashboards, you can use the filter input at the top to search for the dashboard you want to load.
### Sharing Dashboards
@ -50,31 +46,23 @@ The dashboard can be customized in a number of ways to suit your needs.
### Moving Containers
To move containers around, simply drag the container by clicking and holding the header and moving it where you want it. Other containers may shift around to make room for the container you are moving.
When you are happy with the location of the container, simply let geo of the mouse button.
To move containers around, drag the container by clicking and holding the header and moving it where you want it. Other containers may shift around to make room for the container you are moving. When you are happy with the location of the container, release the mouse button.
### Resizing Containers
As you move the mouse cursor of the container, a small icon will appear on the bottom right of the container. If you move your mouse down to that icon, you can click and drag the container to make it the size you need.
When you let go of the mouse button, the visualization inside the container will adjust to the new container size.
As you move the mouse cursor to the bottom right corner of the container, a small move icon will appear. Once your cursor changes the move icon, you can click and drag the container to make it the size you need. When you let go of the mouse button, the visualization inside the container will adjust to the new container size.
### Removing Containers
Containers can be removed from your dashboard by clicking on the close icon, located at the top right of the container. This will not delete the saved visualization, it will simply remove it from the Dashboard.
Containers can be removed from your dashboard by clicking on the close icon located in the top right of corner the container. This will not delete the saved visualization, it will remove it from the current Dashboard.
## Viewing Detailed Information
It may sometimes be useful to view the data that is being used to create the visualization. You can view this information by clicking on the bar at the bottom of the container. Doing so will hide the visualization and show the raw data it's using.
There are four tabs at the top of this view that break down the data in various ways.
It may sometimes be useful to view the data that is being used to create the visualization. You can view this information by clicking on the bar at the bottom of the container. Doing so will hide the visualization and show the raw data it's using. There are four tabs at the top of this view that break down the data in various ways.
### Table
This is a representation of all the underlying data, presented as a paginated data grid.
The items in this table can be sorted by clicking on the table headers at the top of each column.
This is a representation of all the underlying data, presented as a paginated data grid. The items in this table can be sorted by clicking on the table headers at the top of each column.
### Request
@ -90,6 +78,4 @@ This is a summary of the statistics related to the request and the response, pre
## Changing the Visualization
To change a visualization, click on the *Edit* icon at the top right of the visualization container. This will open that visualization in the *Visualization* app.
Refer to the [Visualization docs](#vis) for usage instructions.
To change a visualization, click on the *Edit* icon at the top right of the visualization container. This will open that visualization in the *Visualize* app. Refer to the [Visualize docs](#vis) for usage instructions.

30
docs/discover.md
View file

@ -1,6 +1,6 @@
## Discover
Discover is your first step on the road to information enlightenment. From this interface you have access to every document, in every index that matches your configured index pattern. For the purpose of this documentation, we will assume you have selected a time field. If you didn't ignore anything that mentions time.
Discover is your first step on the road to information enlightenment. From this interface you have access to every document, in every index that matches your configured index pattern. For the purpose of this documentation, we will assume you have selected a time field. If you didn't, ignore anything that mentions time.
You should see a few things:
- A list of documents
@ -12,34 +12,34 @@ If you don't see any documents, it is possible that:
- Your time range is too narrow. By default Kibana shows the last 15 minutes of data. You might want to expand this out by clicking the time in the top right of the screen and selecting a broader range.
### Document list
Now that you see some documents you can begin to explore. In the document list Kibana will show you the localized version of the time field your specified in your index pattern, as well as the **_source** of the elasticsearch document. By default the table contains 500 of the most recent documents.
Now that you see some documents you can begin to explore. In the document list Kibana will show you the localized version of the time field your specified in your index pattern, as well as the `_source` of the elasticsearch document. By default the table contains 500 of the most recent documents.
Tip: You can increase the number of document in the table from the advanced settings screen. See the Setting section of the documentation.
**Tip:** You can increase the number of document in the table from the advanced settings screen. See the [Setting section](settings.md#advanced) of the documentation.
Click on the expand button to the left of the time. Kibana will read the fields from the document and present them in a list. The + and - buttons allow you to quickly filter for documents that share common traits with the one you're looking at. Click the JSON tab at the top of the list to see the full, pretty printed, original document.
Click on the expand button to the left of the time. Kibana will read the fields from the document and present them in a table. The + and - buttons allow you to quickly filter for documents that share common traits with the one you're looking at. Click the JSON tab at the top of the table to see the full, pretty printed, original document.
Click the expand button again to collapse the detailed view of the document.
### Field list
The field list has several powerful functions. The first being the ability to add columns to the document table. If no fields are selected **_source** will be automatically selected and shown in the table. Mouse over a field name and click the **add** button that appears. Now, instead of seeing _source in the document list, you have the extracted value of the selected field. In addition, the field name has moved up to the **Selected** section of the field list. Add a few more fields. Sweet.
The field list has several powerful functions. The first being the ability to add columns to the document list. If no fields are selected `_source` will be automatically selected and shown in the table. Mouse over a field name and click the **add** button that appears. Now, instead of seeing `_source` in the document list, you have the extracted value of the selected field. In addition, the field name has moved up to the **Selected** section of the field list. Add a few more fields. Sweet!
Now, instead of clicking the **add** button, click the name of the field itself. You will see a break down of the 5 most popular values for the field, as well as a count of how many records in the document list the field is present in.
In addition, the Visualize button will pop you over to the **Visualize** application and run a more detailed aggregation on the field. For more information about visualization, see the Visualize section of the docs.
In addition, the Visualize button will pop you over to the **Visualize** application and run a more detailed aggregation on the field. For more information about visualization, see the [Visualize section](visualize.md) of the docs.
### Sorting
You may have noticed that documents appear in the reverse chronological order by default, meaning the newest documents are shown first. You can change this by clicking on the **Time** column header. In fact, any column can be sorted in the manner as long as it is indexed in Elasticsearch. Note that some fields are not indexed by default, such as _id, and that other may have indexing disabled in the Elasticsearch mapping. See the Settings > Index Patterns section of the docs for more details.
You may have noticed that documents appear in reverse chronological order by default, meaning the newest documents are shown first. You can change this by clicking on the **Time** column header. In fact, any column can be sorted in this manner as long as it is indexed in Elasticsearch. Note that some fields are not indexed by default, such as `_id`, and that other may have indexing disabled in the Elasticsearch mapping. See the [Settings > Index Patterns](settings.md#indices) section of the docs for more details.
You can also reorder columns by placing your mouse over the column header and clicking the left and right arrows that appear, however
You can also reorder columns by placing your mouse over the column header and clicking the left and right arrows that appear.
### The time chart
The time chart runs an elasticsearch aggregation to create a chart of the time stamps associated with documents in the table. Hover over a bar in the chart to see the count of documents contained with in it. Clicking on the bar will narrow the selected time range to the time range represented by the bar. If you hover over a white area of the chart, ie, not a bar, the cursor will become a crosshair. In this mode you can click-and-draw to select a range of bars to filter down to
### The Time Chart
The time chart runs an Elasticsearch aggregation to show the time stamps associated with documents in the table. Hover over a bar in the chart to see the count of documents contained with in it. Clicking on the bar will narrow the selected time range to match the time range of that bar. If you hover over the background of the chart (not a bar) the cursor will become a crosshair. In this mode you can click-and-drag to select a new time range.
### Searching
See the **Querying** section of the documentation
See the [Querying section](#querying) of the documentation.
### Saving and reloading searches.
Click the save button to save your search for later, or to reuse in other screens, such as Visualize. Saved searches can be recalled via the folder icon
Click the save button to save your search for later, or to reuse in other screens, such as Visualize. Saved searches can be loaded via the folder icon.
### Querying
@ -51,13 +51,13 @@ We can of course do free text search. Find requests that contain the number 200,
200
```
Or we can search in a specific field. Find 200 only the the status field:
Or we can search in a specific field. Find 200 in the status field:
```
status:200
```
Find all 4xx status codes:
Find all from 400-499 status codes:
```
status:[400 TO 499]
@ -75,4 +75,4 @@ Or HTML
status:[400 TO 499] AND (extension:php OR extension:html)
```
While lucene query syntax is simple and very powerful, Kibana also supports the full elasticsearch, JSON based, query DSL. See the Elasticsearch documentation for usage and examples.
While lucene query syntax is simple and very powerful, Kibana also supports the full elasticsearch, JSON based, query DSL. See the [Elasticsearch documentation](http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax) for usage and examples.

4
docs/quick_start.md
View file

@ -4,10 +4,10 @@ You're up and running! Fantastic! Kibana is now running on port 5601, so point y
The first screen you arrive at will ask you to configure an **index pattern**. An index pattern describes to kibana how to access your data. We make the guess that you're working with log data, and we hope (because its awesome) that you're working with logstash. By default we fill in `logstash-*` as your index pattern, thus the only you need to do is select which field contains the timestamp you'd like to use. Kibana reads your Elasticsearch mapping to find your time fields, select one from the list and hit *Create*.
**Tip**: there's an optimization in the way of the *Use event times to create index names* option. This will use the fact that logstash creates an index every day to only search indices that could possibly contain data in your selected time range.
**Tip:** there's an optimization in the way of the *Use event times to create index names* option. This will use the fact that logstash creates an index every day to only search indices that could possibly contain data in your selected time range.
Great, you have an index pattern! You should now be looking at a paginated list of the fields in your index or indices, as well as some informative data about them. Kibana has automatically set this new index pattern as your default index pattern. If you'd like to know more about index patterns, pop into to the Settings section of the documentation.
**Did you know**: Both *indices* and **indexes** are acceptable plural forms of the word *index*. Knowledge is power.
**Did you know:** Both *indices* and *indexes* are acceptable plural forms of the word *index*. Knowledge is power.
Now that you've configured an index pattern, you're ready to hop over to the Discover screen and try out a few searches. Click on **Discover** in the navigation bar at the top of the screen.